Frequently asked Questions Passwords and Access (828) 713-0535 helpdesk@leelehman.com PO Box 19185, Asheville NC 28815 Q:  What do I need to know about passwords? Q:  What about passwords for my web site? Q:  Can I always use the same password on the web? Q:  What do I need to know about passwords? A:  Passwords are a real dilemma. If we really used separate passwords for everything, we would be spending all of our time looking them up, and not working at all! Before deciding the best way to assign passwords within a business, let's remember the primary purposes that passwords serve: 1.Privacy 2.Security 3.Control Everybody within a business deserves at least some privacy, unless as an employer you really want everybody stressed out all the time. However, just how much privacy depends on the structure of the organization. Where a business has one or multiple owners, there is an owner-level privacy zone. There is a human resources privacy zone. Probably each department has a zone. This is to say that if there are several people who might be answering customer questions, all of those people need to have access to the same data in order to do so. But those people wouldn't need to have access to accounts payable, except perhaps in a very small office. Passwords give privacy, but they also entail responsibility. Programs which track passwords can make one person accountable for a mistake – or a brilliant idea. Thus, both accessibility and accountability have to be considered. If in your design, one or more people are continually needing higher level access – then something about your data flow needs fixing. If you want a supervisor to have to intervene for a function, that's fine. But if a higher level password is necessary on a regular basis, then the system should be changed. As an owner, you should have access to all business records – so you probably need access to all procedural passwords. When it comes to assigning passwords, most programs would love it if completely random combinations of words or numbers were used – but human beings resent this. One suggestion, though: whatever you use as your logic for picking passwords, use a different logic for each primary level. If you use your dog's name for one function, don't use your cat for a different one! Go to Top Q:  What about passwords for my web site? A:  It is imperative from your business standpoint that you have all the master passwords to access your site. You may never actually want to use them - but you need to be able to pass them on to anyone that you want to be able to work on your website. Not that you should lose sleep being paranoid about your web consultant(s) - but for the same reason, you should be the one who is listed as owning your domain name. Working with computers, whether as a web consultant or otherwise, is a high burn-out area - and you don't want your domain to expire because you don't know about it. I actually received e-mail from one site where there are two or three other domains that were set up by the prior consultant - and nobody is getting the domain renewals. I another recent case, the web developer stopped answering e-mails, and the site was left containing erroneous information that prevented the owner from joining the Chamber of Commerce - because of fraud issues. So maintaining the password may be a bit of a pain, but it could save you a lot in the end. Another tricky point - if your consultant is setting up anything like a shopping cart or Paypal buttons, the consultant most likely needs your Paypal password to do the job. Probably the safest thing to do is to change the password for the length of time that the web design is happening, and then change it back afterwards. But this may not be enough. If you are setting up for automatic download from your site, that add-on requires your Paypal password in order to verify that the sale has gone through. So if you simply change your Paypal password after the web development is complete, your auto download stops working - unless you know how to change the Paypal password at the download site. Go to Top Q:  Can I always use the same password on the web? A:  Tricky question. Do you trust that all web commerce sites are secure? Of course, one simple thing - never trust your name, password , much less credit card to a site that doesn't show an "s" as part of the http address:  as in "https." But still, would you trust the same info to any site on the web that users use to access your bank account? I wouldn't! Also, never respond to an e-mail from a site that claims that there is a security issue that requires that you log in to their site immediately through a link in the e- mail. This is almost always fraud! Only log in to a secure site through your usual web address. Go to Top All the images here are clickable links to websites that Lee has either designed, or administered.