Passwords and 2FA: Don’t Neglect Your Data (Part 1)

I don’t need to take a poll to know that small nonprofits and ministries don’t have the workforce to keep track of every detail and stay on top of every piece of information that’s all around you. It’s a common problem!

Whether you’re the director of development/website manager/social media content developer/major gifts officer/email marketer/anything else that comes up person or you’re lucky enough to have just one job at your organization, it can feel daunting when you look at the sheer amount of data that has to be managed.

But the more you plug your ears and sing la-la-la-la-I-can’t-hear-you…

… the more you’re apt to get lost in the jungle of it all.

There are so many services out there to help you manage your data. In this series, I’ll review and explain a few of my favorite platforms in these areas:

Passwords & 2FA Management

Password Management

Gone are the days when using Password123 or orgname2003 make anything safe from malicious actors. These days, your online organization’s security online has to be a priority, and it has to be managed intentionally.

Your organization’s funding sources, donor information, program details, volunteer schedules, grant applications, photos and videos, strategic plans, and social media accounts all deserve to be protected from being exploited by hackers, spammers, disgruntled former team members, opposition to your mission, and scammers.

Cue my favorite password management system…

When I worked first started work in-house as the marketing manager for a nonprofit organization, I spent hours working to gain access to accounts set up by the previous manager. Later, I set up a LastPass account for the organization, and during my 4 years there, added nearly 100 account credentials that were easily passed on to the team when I left—simply by sharing my LastPass master password.

LastPass is an online password manager that make it easy to keep track of the passwords for all your online accounts in one place. When you sign up for an account, you create one super-secure passphrase to keep your account safe—your last password, get it?—and memorize that one, instead of memorizing dozens and dozens of passwords.

What’s a Passphrase?

According to TechTarget (who also made the graphic below), a passphrase is “sentencelike string of words used for authentication that is longer than a traditional password, easy to remember and difficult to crack.”

While most passwords are usually 8 to 16 characters long, passphrases can reach up to 100 characters or more.

e.g. sailboat pillow peanut butter january

e.g. video-orange-hayfever-laundromat

Why a passphrase and not a password?

This tech-famous xkcd comic explains it clearly:

Password Sharing

Ever need to send the login information for your website or your YouTube/Canva/MailChimp account with a team member or volunteer? Email isn’t secure, and neither are SMS text messages (although iMessages from Apple device to Apple device are)… so, when you email or text your password, you’re basically shouting it into the void.

With LastPass, you can share access to your passwords without actually sharing your passwords. You’ll simple click the SHARE button, enter their email address, and LastPass handles the rest. (Handy for working with freelancers and consultants like me too!)

Need to revoke someone’s access? Unshare. No need to change the password for everyone.

Browser Extensions & mobile Apps

LastPass has browser extensions for all major browsers, plus apps for Apple and Android, so you’ll never be without your passwords ever again!

Security Alerts

Plus, it will notify you if your passwords are compromised or if you have reused the same passwords for multiple places (a BIG no-no). It will even help you change your passwords in just a click or two, which saves a ton of time.

Auto-complete online Forms

Tired of typing and retyping the same data over and over again? Name, address, phone number, email address, name address, phone number, email address…. LastPass can also store data like commonly-used contact information, which can then be used to instantly and securely complete online forms.

Secure credit card storage

And again… tired of typing and retyping the same data over and over again? Credit card number, name on card, billing address, expiration date, CVV code, credit card number, name on card, billing address, expiration date, CVV code… Yes, LastPass can store those too—securely of course—so you never have to remember the little 3-digit security code for your organization’s credit card ever again.

I sound like I work for LastPass, but nope. I don't even have a referral link to share. I just really love tools that save time and frustration, and LastPass does both of those things.

Two-Factor Authentication (2FA)

In the discussion of password security, we have to also talk about two-factor authentication (2FA) and multi-factor authentication (MFA).

Bad actors are always out there, hacking and using bots to search for security holes. So, it makes sense that many websites and apps now require a second form of authentication to prove that you are who you say you are. It’s wise for them to be skeptical of login attempts.

The second form of authentication that many sites use is a 6-digit code which is generated randomly for a timed, single use. These codes can be sent via email or text message or generated by an authenticator app on your mobile device.

I could explain more about 2FA, but there are SOOOOOO many places out there that do it better, so just read all about it here (and then come back).

Okay, welcome back.

I’ve used all the major authenticator apps, and they all work basically the same way…

To set up:

Turn on 2FA in the account you want to secure, select the authenticator app option, open the app on your phone, scan the QR code, enter the 6-digit code into the account prompt. Setup complete.

To use:

Log in to a secured account with your username and password. When it prompts you for the 2FA code, open your authenticator app to view the newly generated code for that site account, and enter the code into the account prompt. Voila! You’re in.

Here are a few authenticator apps to check out on your favorite app store:

  • 2FAS ← My favorite for categorizing and sorting a big list of accounts like I have to. Apple | Android
  • Microsoft Authenticator ← I only use this for Microsoft products. Apple | Android
  • Google Authenticator ← I generally avoid using Google products whenever possible, but this is one of the commonly-recommended apps. Apple | Android
  • LastPass Authenticator* ←  Apple | Android

* When I started using 2FA years ago, LastPass didn’t have an authenticator app… but now it does! I haven’t used it, so I cannot vouch for it. That said, I have heard nothing bad about it.

practice a new habit

Getting used to using two-factor authentication takes some time; it can be frustrating and feel like extra annoying steps that keep you from getting quick access to your accounts and your information. However, the more you use the extra security step, the more normal it will feel.

Rather than stowing your phone in your pocket, purse, laptop bag, or desk drawer, practice keeping it accessible while you’re working at your computer, and start expecting that second step every time you log in.

5 Super Easy Action Steps:

  1.  Create a LastPass account for your organization.
  2. Install the browser extension for Chrome, FireFox, Safari, or whatever browser you use.
  3. Download the LastPass Password Manager App for your phone: AppleAndroid
  4.  Select an Authenticator app from the list above and download it onto your phone. Not sure what to pick? Go with 2FAS  Apple | Android or LastPass Authenticator Apple | Android
  5. Every time you log in to an online account for your organization, save the login credentials into your LastPass vault. (The browser extension makes this easy and almost fully automatic.) If there’s an option to add two-factor authentication, give it a try, using the Authenticator app you just installed.

Don't Neglect Your Data:

Now available at Amazon! Check out my ebook How to Choose the Right Graphic Designer for Your Nonprofit for practical tips to help you and your team to craft the creative team that your organization needs to thrive!

Only $5.99!

About the Author

Laura Kline

Laura Kline is a graphic designer and communications specialist. She has a master's degree in media design and over 18 years of experience working with agencies, businesses, and nonprofit organizations of all sizes.

Leave a Reply

Your email address will not be published. Required fields are marked *