Skip to main content

Safeguard Account Authentication

Learning Objectives

After completing this unit, you’ll be able to:

  • Explain why password sharing is risky.
  • List the types of tools that help secure passwords.

Risks of Password Sharing

As you know, never share your passwords and always use unique passwords for each of your accounts. With so many logins to keep track of, a best practice is to use a password manager to help you safely store and easily retrieve login and password information. We go into more detail on that later.

Unfortunately, a 2019 study by SurveyMonkey found that one-third of the approximately 1,500 adults surveyed share passwords or accounts with their coworkers. The study also found that 22% of people reuse the same password on multiple work accounts, 34% write passwords down on paper, and 10% have a document on their computer full of passwords.

It can be tempting to share your password with an executive assistant so that person can manage those accounts for you. However, sharing your password provides that person with the ability to delete or alter sensitive data, or access data inappropriately under your account. Not to mention, when you reuse a password across multiple accounts, you introduce risk. Attackers can reuse a password compromised on one account to access a variety of information. Likewise, writing passwords on paper or on a computer means someone who walks by, digs through the trash, or gains illicit access to your laptop can now use your credentials to access accounts. For all of these reasons, never share your password or store it insecurely! 

Secure Your Accounts

You don’t need a notebook on your desk full of all your 16 character passwords, each with unique special symbol requirements. Password management tools such as Keeper, LastPass, and Dashlane, to name a few, can store and auto-generate your passwords, which lets you safely manage multiple credentials. 

In addition to a password manager, use multi-factor authentication (MFA) where possible. At your organization, MFA may be technically enforced where required by policy. Oftentimes, the way you log in to your company’s network has multiple layers of authentication. You can also opt to use MFA on your personal accounts at banks, health providers, and social media sites in order to better protect your personal information. 

MFA combines at least two of the three forms of authentication—something a user knows, something a user possesses, or a permanent physical attribute of the user. Let’s look at an example. Anya is an executive at a company that specializes in application services and application delivery networking. When she logs on to her laptop’s virtual private network (VPN), she first enters her username and password (something she knows). She then receives a push notification on an authenticator app on her mobile device and approves the login. This is a second form of authentication (something she possesses). Attackers therefore must have access to her phone and know her password to compromise her account. For this reason, MFA is stronger than password use alone. 

A woman is logging in to a laptop using multi-factor authentication. She is looking at her mobile device to receive a code in her authenticator app.

Now that you understand better how to secure your account using password protection technologies and MFA, let’s next dive deeper to help you protect yourself no matter where you are—whether in the office, interacting online, or traveling.

Knowledge Check

Ready to review what you’ve learned? The knowledge check below isn’t scored—it’s just an easy way to quiz yourself. To get started, drag the description in the left column next to the matching category on the right. When you finish matching all the items, click Submit to check your work. To start over, click Reset.

Great work!

Resources

Partagez vos commentaires sur Trailhead dans l'aide Salesforce.

Nous aimerions connaître votre expérience avec Trailhead. Vous pouvez désormais accéder au nouveau formulaire de commentaires à tout moment depuis le site d'aide Salesforce.

En savoir plus Continuer à partager vos commentaires