In my design learning curve, I’m seeing a lot of little things that, once organized, make a big difference in productivity. Working with all the different places we have to log into to control a website is one of them.
I’ve got my own logins to manage for my sites (domain registrar, web host, WordPress.com, WordPress.org main site, emails). Now think about multiplying that by however many client sites you manage (whew!).
You can go with an Excel spreadsheet, a handwritten list, or whatever creative method you have if you want to get strict about password protection. Until recently, I used an Excel spreadsheet to manage my logins. I used reminder codes for the four passwords I would make up, write on real paper, and keep for a year before starting anew.
But my logins (for everything from sites to shopping) have multiplied exponentially, it seems like! Having only four passwords to be used over again in different places seemed like a security risk, so I’ve adopted LastPass to manage my logins. With LastPass, I have a different random password for each login. This increases security and means I only have to memorize one password of my own: the one for LastPass itself.
Working with client websites, I’ve learned that I often need to log in to at least their web host and WordPress websites in order to set up things like email and recommended plugins. I prefer to have a separate user login of my own, but not all entities (like web hosts) allow this. So I use the client’s login credentials and keep those in my LastPass vault for protection.
For WordPress logins, it’s a bit easier, since multiple users are allowed. I always set up my own user account (in my LastPass vault) separate from the site owner.
Two-Factor Authentication Challenge
This more secure method of logging in somewhere (with username, password, and a separate number sent to your phone via text message) is great for security. I am finding it a bit of a pain when working with client logins. It’s lovely that Google, for example, wants to make sure that that login from a country (or just IP address) totally different from the account owner’s is legit, but it does keep me from taking care of things without bothering the client in real time.
As an ongoing solution, I add in to my regular online meetups with my clients the need for us to set up SEO or analytics with Google. This way, we can coordinate the text message confirmation step. I’ve also plugged this extra real-time coordination into my estimate for the cost of setting up a new site.
Whether you are a designer or just a user of the Web, I’d love to know your strategies for taking care of login security for yourself and/or clients.