Email In Bed And Other Home-Working Risks - A Guide To Secure And Practical Password Management

Smartphones, apps, and software in their various forms have broadly improved conditions for the UK's office working population. The ability to get things done with flexibility, often from home, has significantly improved much of the workforce's work-life balance. 'Working from home' is no longer seen as a euphemism for 'watching daytime TV'. We can work from home when we say we're working from home.

But there are downsides too. The very technology that lets us work from home can also trap us in a never-ending cycle of constant connectivity. When our colleagues and our superiors know we're connected, it's easy to assume that they expect us to respond when they call - even if it's out of hours. This poses a number of problems. Such as:

  • Difficulty switching off from work.
  • Interruptions to family or leisure time are caused by 'checking in.'
  • Stress brought on by the above.
  • Data and information security issues associated with home networks.

Recent research we conducted has found that, while on the whole, the UK workforce benefits from being able to work from anywhere, connect easily and fit their work around their life a little better, the downsides are significant too.

Social Media

For example, of the 1,000 UK adults we surveyed between April 2nd and April 24th 2017, just over one-third (35%) said that they'd been contacted by a senior colleague about a work matter via a social media app.

So even for those disciplined enough to avoid work emails out of hours, it's clearly very hard for them to get away from work when they need to.

Perhaps more alarmingly, 18% said they'd responded to a work-related message after going to bed. 

Email in Bed

Of the 18% who reported this, the vast majority said they regretted doing so.

There's another problem here too. Business emails regularly contain sensitive information. So when people operate outside of their company's information security structure, they must be more careful than usual. Working from bed late at night doesn't appear to be compatible with this requirement.

And ensuring work emails are encrypted and secure doesn't prevent this. A significant number of adults admit to using their personal email to send and receive potentially sensitive information while out of the office. Of those who did it, the majority (89%) said they felt forced to do it because connecting via VPN to the office network or sharing in other secure ways is too time-consuming.

Personal Email

The study also covered password management. Of those surveyed, 62% said they'd had to reset a work-related password after forgetting it. Data from a separate study we conducted from a selection of UK businesses last year found that password reset requests go up on average by 19% during August and 12% in January, compared to the national average. Most password resets were requested after an employee returned from an extended period of time off, either during summer or Christmas.

So what can be done?

First of all, the biggest security risk when employees are migrating over to a web-based email account for work reasons is security. They may have their password autosaved; it may be easy to guess. Free, personal email addresses typically don't enforce the same level of information security as the less-intuitive office favourites. So if you are a work-from-home type and have been a bit lax on your personal email security, do yourself (and potentially your employer) a favour, a read on.

We're all facing a password meltdown. With so many products, services and utilities available online and each requiring a password for access, it's extremely easy to lose track of them all. Forgetting passwords can be extremely frustrating and a real-time drain trying to reset them, disrupting both your work and personal time spent online. Here's where password manager apps could possibly help. We're told that for security, we need to choose different passwords for each account, change them regularly and never write them down but do we all have enough brain space to remember them all? Of course not; it's near impossible to expect one person to remember hundreds of different usernames and passwords without a photographic memory. So, what's the solution to keeping on top of it all?

Are Password Managers the answer?

Millions of people rely on password manager apps and software to keep their passwords safe and enable them to access every account easily. These apps securely store all of your individual passwords, locking them away in a virtual vault. All you need is one super strong password to access all of them, so just one tricky combination of letters, numbers and special characters rather than hundreds of them. But doesn't this make your passwords vulnerable? It's important to note that password manager apps aren't the same as when your browser offers to remember passwords for you. This option isn't very secure, but where password manager software is different is in the way it stores your passwords.

All of your information is encrypted, which means that it is not accessible or guessable to any hacker or potential identity fraudster that comes along. Most of the big names in this technology depend entirely on their reputations, so if they are hacked or lose passwords, no customers will ever trust them again. Password manager apps keep all of your personal data off browsers and websites, where anyone with malicious intent can access it. They act as the gatekeeper for your private information, including passwords. For your convenience, though, these apps allow you to login into all the sites and accounts whenever you need to; you enter your vault password, and the app does the rest of the remembering for you. As for which password manager to use, there are plenty to choose from. Look for well-reviewed managers like LastPass, KeePassX, Dashlane, 1Password and Sticky Password.

How to create strong passwords

If you're considering using password manager apps or you want to develop stronger passwords (and you're confident you can remember them all), you'll need to know how to create an uncrackable password. Good password managers should help you to create a strong master password to unlock your vault; in fact, they should indicate the strength of any given password and not let you continue until the combination you've chosen meets a minimum standard. Here are some other handy tips for creating mega-strong passwords:

  • Long passwords are always more secure. This is obvious, as the more characters there are and the more complicated the password, the longer it will take someone to crack it.
  • Random string passwords are easier for you to remember but harder to crack. This means passwords consisting of random but clearly recognisable words. For example, 'wool-candle-frog' or 'bicycle-bun-Japan'. When testing these unconnected words on sites such as Dashlane sponsored, these combinations prove difficult to crack. You can remember them, but as long as they aren't directly connected to you or each other, a hacker would have a lot of trouble cracking them. You can even use random objects in the room you regularly work in (i.e. 'sofa-mouse-cooler'), as long as they aren't too obvious or office/desk related.
  • Avoid common password add-ons. As many sites require you to include a number and/or special symbol, don't simply choose the most obvious; hackers will try these first. For example, adding the number 1, a hashtag or your birth year to the end of a password.
  • If fingerprint authentication is available, use it. Many smartphones and apps now use fingerprint recognition to sign you in, rather than passwords. Unlike passwords, this can't be replicated or guessed, and it's quicker than entering a password. Just make sure you've got dry, clean hands!
  • Change your password occasionally. Unless you work for a top-secret government department, changing your password every week or month isn't necessary. Just make sure you change it to something completely different every once in a while, such as every 6 or 12 months.
  • Don't use the same password for everything. This goes without saying, but you should also make sure not to use different variants of the same password. This is because if the worst happens and your password is leaked, guessed or stolen, and you're using a similar version elsewhere, it will potentially put all of your accounts at risk.

Remember to stay calm when it comes to creating and managing passwords. Most online platforms, such as bank websites, have security procedures in place to protect your accounts from malicious attacks. They won't allow thousands of incorrect guesses, so you must ensure your password is strong enough to protect it from just a few lucky tries.  

Password recovery

Sometimes, resetting a forgotten password isn't an option. For example, if you forget your Windows administrator password and need to gain access to your files from a crashed computer. If you haven't backed up your vital data, you've forgotten the password, and there's no way of resetting it, you could be in serious trouble. For this kind of nightmare scenario, technology comes to your rescue again. Password recovery can be useful for bypassing forgotten administrator passwords and accessing those all-important files. They can also help parents worried about their children's online activity and law enforcement and private investigation professionals.