I’ve been given keys to front doors, back doors, private offices and safes. I’ve even been given a master key.
I’ve also been given “keys” to FTP accounts, websites, Facebook accounts, Twitter accounts, WordPress installs, domain registrars and email accounts.
What strikes me is how differently the two have been treated.
The organic keys were treated with much more reverence, care and caution.
Why is that?
I recently had to acquire the “keys” to a new client. It was a little awkward, since I had to get them from the previous web developer. You see, no one from the organization had the information! The former developer had all these keys:
- cPanel
- Hosting Account
- FTP
- And, three different domain name registrations.
Seriously?
Not a single scrap of this information was in the hands of the organization. In fact, since the former dev lost the password to one of the domain registrations, I had to rely on him to forward me the lost password email! Good thing he was on good terms. Imagine if he was angry? After all, the domain names were registered in his name. I think I’ll be changing that for my client.
Churches & Organizations
Let me ask you:
- Where are your keys?
- Are they being held by only one person?
- Have you updated this information recently?
- Do you have it on file?
- Do you know who has a “copy” of your keys?
You need to take a proactive approach to this.
- Domain names are on lockdown; it isn’t YouTube, folks.
- FTP logins give full access to your entire backend; delete!
These, of course, are extreme circumstances, but so is theft. You don’t hand over the front door key to just anyone. You don’t give security codes to anyone who asks, and you always ask for a key to be returned from those moving on to other jobs or Churches, right? The same should go for those things you keep in virtual safekeeping.
Reba says
I worry about this myself. I keep all the church’s information locked in 1password (as well as my own – I keep folders of information). The information is updated constantly and used often. It has the ability to store: passwords, secure notes, software serial numbers and just about anything else.
One thing I love about 1password is the ability to export an encrypted web page with all the logins and notes. Every so often I send this to the church administrator with the password in a different email.
It might not be the best solution but it works for our needs.
Eric Dye says
You’re being proactive and have a handle on it, that’s the most important thing!
Raoul Snyman says
It’s not even just churches. You know how many other companies I’ve dealt with who don’t have the details to their website?
“The company who did our website has that stuff.”
Uh, no, that’s not good. You need to be in control.
Thanks for the post, it’s a good topic, and it reminded me again of the importance of being vendor-independent in everything – it’s not about being able to do stuff without the vendor, but more about being security conscious.
Eric Dye says
Exactly!
Greg Simmons says
I have used keepass to store keys securely.
Might I also suggest regularly changing the passwords using a tool such as http://randomkeygen.com/
As staff, consultants, contractors and volunteers change over time, this will help keep your data secure.
Eric Dye says
Indeed! We’ve covered these on ChurchMag the past few weeks, but using these tools is the answer for sure!
Chandos says
I also recommend 1Password. I use it for myself, then, also store them online at secretserveronline.com in case something happens to me or my computer 🙂
Eric Dye says
Nice! We’ll have to check out secretserver.
Dustin W. Stout says
Great points Eric! I’ll have to look into 1Password.
Eric Dye says
https://churchm.ag/password-manager/
James Cooper says
I love 1password as well. I wish you could share certain accounts with others though – that would be really handy. (and my physical church keys live in the same drawer as my house keys!)
Reba says
James – you can share. You can export just certain entries to another 1password file, encrypted web page and more. It is easy to send a group of passwords to someone else.
Eric Dye says
#WINNING