Password Management Best Practices
Why security?
Each organization has unique security needs, so it is vital that your user team analyzes its own situation and decides how to set up its distinct security goals.
Please take the time to go through our suggested best practices, and let our Customer Support Team know if you would like any consultation on them.
General best practices
- Don’t share passwords.
- Don’t use generic passwords or shared operator accounts. Each user should have their own unique username and password.
- Consider using a secure password management program to avoid forgetting your login info, and to avoid having your password in obvious places (like a post-it note on your desk).
- Keep your operating system and browsers up-to-date.
- ALWAYS add a valid and current email to an operator user record so that the operator can recover their password if needed.
- Make sure to whitelist noreply@keepntrack.com, which is the email address any password reset emails will come from. This might need to be done by a district or facility IT team.
- Have a plan to access the system admin’s password/email if they leave, or have a backup system admin user.
Login redundancies
- We recommend having two distinct highest-level operators (System Administrators) for redundancy: if one operator leaves, the second can still access all areas of the program. For example, this could be a high-level admin or a District Tech.
- Consider giving a backup, full-admin-rights login to a person who is always onsite, like your principal IT technician. Even if they don’t use KeepnTrack regularly, if you ever get locked out, someone can help. This can also be useful if someone is helping out as a kiosk operator temporarily but the permanent staff is unavailable to give them temporary access.
- A lot of this may depend on the size of your facility; your administrative group should make a plan and policy for password and user management.
Creating a secure password
We recommend that you set a standard for secure passwords and train your team accordingly.
Here are some generally accepted password rules:
- It is not safe to use the same password on more than one site. If your password for one site is compromised, it could be used to get into every other site where you reused it. Reusing passwords is not secure.
- Create a password that is hard to guess, and doesn’t contain personal information like your birthdate or phone number. A strong password should be easy for you to remember, but hard for anyone to guess or associate with you. Avoid using simple phrases, words, or patterns that are easy to guess.
- Remember that the longer a password is, the harder it is to guess or crack.
- Follow these simple steps to keep your data (and yourself) safe.
Tip: Keep your data safe—Password Required!
How strong is the password you use to log in to KeepnTrack? You aren’t going to have any mischievous 7th-grader guessing it and wreaking havoc on your volunteer history, are you? Let’s take a look at some good password tips.
Picking a good password
In general, you want to choose a password that someone is not likely to guess, whether it’s ‘silverhorses’ or ‘112233cats’ etc. But as an operator with access not only to your KeepnTrack history but also to numerous user records, you are responsible for the security of the database and of those users’ information.
To choose a strong password, you want something that a) the 7th-grader can never guess, and b) hacking (password-guessing) software is going to have to work really, really hard for. These are similar but not the same goals. For example, the 7th-grader will never guess a random 5-digit string of numbers (or, it might take them thousands of tries), but 5 digits isn’t that long for a computer program to try every possibility. On the other hand, a program might take forever to guess ‘iloveschool4ever’ but the 7th-grader might try that fairly early on.
Some highly-recommended points for picking a good password:
- Pick a long semi-random phrase, like ‘herdofsilverhorses’.
- Add a number to really throw things off, e.g. ‘herdof30silverhorses’.
- Add a symbol* to make things really fancy, e.g. ‘herdof30silverhorses!’.
- Don’t write your password on a sticky note that you keep on your desk. (I recommend using password-management software.)
If you count that last iteration of my beautiful password, it’s 21 characters long. Yikes! That’s pretty secure. Usually 12–15 characters will keep you pretty safe. Anything above that and you are a super guardian of your domain.
*Most symbols are fine, but be aware that some login pages will see symbols in the password as part of their code, and then you get stuck out of your account. Not fun. So be sure to always test your password after you change it! In KeepnTrack we recommend any of the following: !@#$%^&*-=+.,
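As an added illustration of the length-versus-alphabet point above (example code written for this article, not part of KeepnTrack), this Python snippet estimates the brute-force search space of the passwords discussed and checks them against the page’s rules. The guess rate is an assumed figure, and the estimate is only an upper bound: a dictionary phrase like ‘iloveschool4ever’ is far weaker than its length suggests.

```python
import math
import string

# Symbols the page recommends for KeepnTrack passwords
RECOMMENDED_SYMBOLS = "!@#$%^&*-=+.,"


def charset_size(password: str) -> int:
    """Size of the alphabet a brute-force guesser must cover, based on
    which character classes actually appear in the password."""
    size = 0
    if any(c.islower() for c in password):
        size += 26
    if any(c.isupper() for c in password):
        size += 26
    if any(c.isdigit() for c in password):
        size += 10
    if any(c in string.punctuation for c in password):
        size += len(string.punctuation)  # 32 printable ASCII symbols
    return size


def brute_force_bits(password: str) -> float:
    """log2 of the guesses needed to exhaust every password of this length
    over the same character classes. Upper bound only: dictionary words
    and common phrases fall to wordlist attacks long before this."""
    return len(password) * math.log2(charset_size(password))


def seconds_to_exhaust(password: str, guesses_per_second: float = 1e10) -> float:
    """Time to try the whole space at an assumed guess rate (hypothetical
    figure for offline cracking hardware; not from the page)."""
    return charset_size(password) ** len(password) / guesses_per_second


def check_password(password: str, personal_info=()) -> list:
    """Apply the page's rules: length, recommended symbols, no personal
    details. Returns a list of problems; an empty list means it passes."""
    problems = []
    if len(password) < 12:
        problems.append("shorter than the 12-15 characters usually recommended")
    if any(c in string.punctuation and c not in RECOMMENDED_SYMBOLS for c in password):
        problems.append("contains a symbol outside the recommended set " + RECOMMENDED_SYMBOLS)
    lowered = password.lower()
    for item in personal_info:  # e.g. a birth year or phone number
        if item and item.lower() in lowered:
            problems.append(f"contains personal information ({item})")
    return problems
```

Running it on the page’s own examples shows why a 5-digit PIN is trivial for a program (about 16.6 bits) while ‘herdof30silverhorses!’ is over 120 bits, even though a person could still guess a common phrase early.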
Changing your password in KeepnTrack
The easiest way to reset your password in KeepnTrack is to go to Login > Forgot password > and reset your password from the email that you receive.
As an operator you can also change passwords through Users Management:
- Unlock your user record and enter the new password in the Password and Confirm Password fields on the Access tab. Click Save.
Don’t forget to check with your aides to ensure they also have appropriate passwords!
Carry on, fearless guardian!
See also https://xkcd.com/936/
Creating a new secure operator
Adding operators is usually done by an admin, or someone who has greater security rights than the new operator being created.
Be sure the operator has an EMAIL, maybe even TWO, so they can always recover their password!
Here are the steps to creating a new operator:
- Go to Users and create a new user. Give them a name and any other basic information.
- Enter their email in the Contact tab.
- Under the Security > Access tab, set their username. You can also give them a starting password but it’s not required.
- Set their Security Group. This determines the level of access to KeepnTrack they have. Review Security.
- System Administrators have access to all sites by default. For any other security group, you will need to choose the exact sites they have access to.
- Save the record.
- At this point, you can let the new operator know that they can log in. You’ll need to tell them their username, and their email or barcode from their record. The operator should then go to log in, choose ‘forgot password’, fill out their email or barcode, and reset their password using the link in the resulting email.
Recovering an operator login
There are two possible scenarios for recovering a login or getting back into KeepnTrack: either you have an operator record with an email attached to it, or you do not. We will cover both below.
If you have access to the operator’s email address or barcode for password recovery:
When setting up an operator, ensure an email is entered. If an email was entered at the time of setup, the quickest way to recover an operator login is to:
- Go to the login page for KeepnTrack, and click the “Forgot your password?” button located below the username and password fields.
- Enter the email (or barcode) of the operator and click SEND LINK.
- Once you receive the recovery link, follow the steps to update the password within 24 hours of receiving it.
Make sure to whitelist noreply@keepntrack.com.
If the operator DOES NOT have an email attached to their record in KeepnTrack:
The steps for recovering a login in this case can be a lengthy process, and customers will be required to speak with the COMPanion Support team and confirm their identity and role. Due to security considerations and requirements, COMPanion Corporation and the COMPanion Support Team reserve the right to deny or approve password requests at any time.
This is why it is important to maintain and manage access to your service. If you do not have access to the operator’s email address, username, or barcode for whom you wish to recover or reset a password (or if the operator did not have a valid email in their record), then you will need to speak with a member of the COMPanion Support Team. Their contact info is:
(800) 347-4942 · support@companioncorp.com
If approved, a Support Team member will then issue a temporary password that is good for 24 hours.
With this temporary password, you can log in to KeepnTrack and follow these steps to reset the password:
Go to Users and locate the user profile with the login credentials and permissions. Once the user record is displayed, click the Lock icon to unlock the record. Go to the Security > Access tab and enter a new password, then click Save.
Please also be aware that our 24-hour temporary password gives the logged-in user the highest level of access to the program, so be careful about whom you share these temporary credentials with.
Retiring operators
If you have a staff member who is retiring or has already left, you will want to remove their access to KeepnTrack. You might also be adding a new operator to your KeepnTrack. Here are the steps to do that.
To remove an operator:
Go to Users and locate the record of the person who is leaving. Unlock the record and go to the actions menu and choose Remove User, then select Yes, Remove.
To create a new staff record, see the section above for creating a new secure operator.
Cleaning up operators
COMPanion suggests regular audits of who has operator access to KeepnTrack and whether old operators should be removed. There are multiple security group levels; all may need to be cleaned up.
To clean up your operators:
Run the Security Clearance report to generate a list of your operators to review. Pay particular attention to System Administrators, but also review other levels such as Site Administrator, Administrator, and Kiosk Operator.
Review the list of operator user records and determine which need to be removed.
In KeepnTrack go to Users and locate and select the operator you want to remove. Click the Lock icon to unlock the record. Go to the Actions button next to the lock and choose Remove Users, then select Yes, Remove.
Repeat these steps for all operators you need to remove.
That’s it! You now have the knowledge to successfully manage passwords in your KeepnTrack system.