It’s 10pm: Do you know where your credentials are?

As quickly as tech moves, with one-year pit-stops and freelance tech work now the norm, it’s as important as ever to protect some of your most valuable business assets: login credentials.

Seems simple, right? Keep a secured master username and password list with periodic updates. Make sure they’re hard to guess. Make sure more than one person has access to them. Having done work for corporate monoliths and four-person startups, I can state confidently that rare is the organization that has an appropriate combination of secure credentials, and access to them.

1. Centralize. Keep a secure master document of all usernames, passwords, challenge questions, and license keys. Insure that key people have access to it at all times.
2. Stay Strong. Use strong passwords. Yeah, you’ll probably need to continually cut and paste, but Password123 doesn’t cut it, even if it does begin with a cap. I’ve always like this password generator, and for an even easier, more straightforward tool check out the generator at Cloudwards.
3. ALWAYS, always make sure you have administrative rights to your domain, hosting, and FTP accounts. Little is more frustrating (for example) than when a former employee or consultant walks, your domain expires, it’s suddenly parked, and you’re on the phone with Network Solutions (or similar) trying to convince them that you’re an agent of that website or company, and trying to track down disgruntled former associates to help you. It’s a nightmare scenario that I experienced personally while working for a high-profile music artist. You can always add people as technical contacts on your hosting and domain control panels, while retaining your standing as account administrator.
4. Don’t let freelancers or employees establish or administrate social media accounts on your company’s behalf using their personal information. Companies often do this out of convenience, or a laissez-faire approach. If you don’t have the in-house expertise to do that, insist that consultants use a company-provided email account that you have admin access to.
5. Change passwords when employees change. Trust no one. It’s ok. That charming millennial that “did social” for you that left to create lists (like the one you’re reading now) for Buzzfeed is of completely unassailable character. But change your logins anyway.

You can never be 100% protected from unscrupulous vendors or employees. It’s impossible to peer into their hearts and know in advance whether they’ll make off with assets or access, but at worst, you should have a few tools to react fast should you need to.