Your Firm and Client Portal and its included Secure File Exchange is extremely secure. With 14 full layers of security, your clients’ sensitive files are safe behind the Portal’s walls.
Your clients’ files are completely encrypted during storage and backup in our SAS 70 Certified Datacenter where they are protected from hackers through, among other security features, brute force login protection, forced SSL transfers, SQL injection protection, a cutting edge firewall and virus scanner, and an award-wining intrusion prevention system. However, despite all the security features included with the Secure File Exchange, your clients’ files are only as secure as their account’s password.
If one of your clients chooses a weak password, the security of the files stored in his account can be compromised, but if a Firm or Admin user’s password is compromised, all of your clients’ files are at risk, and an Administrative user can lock you out of your portal completely- so it’s very important that your users’ passwords are as secure as possible.
What makes a password secure?
Make them long
If you do nothing else, make your passwords long. Each extra character in your password increases your protection many times. Firm Portal passwords require a minimum of eight characters and the Client Portal requires a minimum of six. Fourteen characters or more is even better.
Combine letters, numbers and symbols
The greater variety of characters there are, the harder it is to guess a password or systematically try every possible password. Try inserting numbers or symbols in your password. Additionally, your Portal recognizes the difference between capital and lowercase letters, which doubles the number of possible letters you can use in your password.
Avoid real words
Using common password cracking tools, an attacker can quickly try every common word, name and phonetic pattern. Your portal is protected from these brute force attacks through the use of a CAPTCHA to discourage automated login attempts. Still, a secure password is an obscure password, so it’s best to avoid real words or names whenever possible.
Do not use personal information
If someone who knows you is trying to guess your password, he’ll likely know your name, the name of your CPA or Accounting firm, your pet’s name, children, date of birth, or other personal information. Leave that info out of your password to prevent a lucky guess.
Don’t repeat passwords
Your portal is secure, but if another online web service isn’t as secure and you’re using the same password for both, a security breech for the other service would also compromise your Firm Portal account. Use a unique, secure password for every login.
Change your password
The longer you use a password, the more likely it is that it will be lost, stolen or compromised. By occasionally choosing a new password, you’ll reduce the chance of a stolen password being used by an attacker.
Check your password:
Microsoft.com provides a great password checker. By simply entering text into the field, it will rate the security of your password. If your password isn’t secure enough, PCTools.com offers a free secure password generator.
By using your Firm Portal and Secure File Exchange you can rest assured knowing that your site, and your client’s files are secure from prying eyes and safely stored. We’ve gone overboard with security on our end, but by being aware of password security on your end, you can ensure that your clients’ data is as secure as possible.
If you’d like more information on the extreme measures CPASiteSolutions takes to ensure the protection of your clients’ data and our clients’ sites, please take a look at our CPA Website Security Precautions page.