Passwords & Security – Best Practices

Security begins with a good password. The most important factor in the strength of a password is it’s length. All else equal, a 40 character password will be immeasurably stronger than a 6 character password. Also, mixing upper & lowercase letters, numbers, and special characters into a password give them the ability to withstand dictionary-like “guessing” attacks by another computer.

Make them long (even a phrase like I love Dogs, but tolerate 9 cats!)
Mix upper & lower case
Add a special character or two

Don’t let your browser save your password. While this may make it easier for you to log in, it also makes it easier for any unauthorized person who may access your computer to log in. It’s also easy to forget your password, so that if you use a different browser down the road, you won’t be able to log in.

Alternatively, there are a number of good password manager programs available, that enable you to copy & paste your credentials when you log in. If that’s not a good option for you, just pick a password – or a sentence – that you can remember. Sentences are ideal because they’re long, can contain upper & lower case letters and you can punctuate them easily.

Remove old usernames from your account. If more than one username has access to your account, and it’s been months since one of the usernames has been used, it’s best to just remove it. If you need it later, it’s easy to add it back on. In fact, next month we’ll begin posting reminder login messages for accounts that have old usernames associated with them.

Keep current with anti-virus and operating system updates. Sure, it can be annoying to pause and download new updates for anti-virus software or Windows/Mac updates, but the reason updates exist is because new vulnerabilities and attacks have been identified and need to be patched. In fact, bad guys often create exploits for recently discovered vulnerabilities because they know most people won’t update their software in a timely fashion. Ignore updates at your peril.

We’ll never ask you for your password or credit card. We don’t want to know. It’s your secret. If someone asks you for your credit card information or My Clients Plus password, it’s not us. Your passwords or credit card data cannot be retrieved by anyone at My Clients Plus, not even technical people.

Empty your “trash” and “downloads” folders at the end of each day. Your browser can automatically download files to your computer that you view from My Clients Plus. Invoice PDFs are an example of these. To prevent unencrypted PHI from being stored on your computer, you should review and/or delete these files before you end your day and clean up unwanted files.