We’ve gone to many measures to bolster the security of eCatholic websites (including FREE SSL certificates for everybody!). And yet, your website security could be at risk because of simple things you’re doing (or not doing) as you manage your website. Thankfully, they can be fixed in just a few minutes!

Here are three quick and simple things you can do right now to build an even more impenetrable fortress around your website.

Action Item 1: Secure/update your password

secure password

Passwords can get moldy quickly…and if the password for your website admin user account was stale to begin with, it’s probably time to give it a refresh.

Is your password generic (e.g., church, Parish1234, password)? Do you use it as a password to log in to other websites/accounts? Is it being used by multiple members of your organization? If the answer to any of these questions is “yes,” you could be exposing your website to an unnecessary security risk. Take one minute and change your password to something better!

However, this naturally leads to two common questions:

  1. What makes a good password anyway?
  2. How can I possibly remember unique, strong passwords for all my online logins?

These are very valid concerns, indeed. Here are two ways to address them.

How to create and remember strong passwords

First, eCatholic’s new Password Checker feature will help your users create better passwords. The “Change Password” screen includes a strength indicator meter that grades a password as you create it. Bad passwords won’t be allowed, so keep trying until you create a password that survives the checker. All passwords that make the list of the 100 most common passwords will be kindly (and consistently) rejected.

At a minimum, this new feature will certainly wipe out any lingering “111111” passwords at your office. But you could take it a step further…

Second, consider purchasing a password management tool for your organization if you’re ready to get serious about password security. Our eCatholic team uses LastPass for password management. Each team member creates a single “master password,” then LastPass does the rest. In fact, LastPass automatically generates secure passwords for all your personal and professional online accounts. No more sticky notes on your computer screen. No more rigmarole of forgetting passwords. And (most importantly) no more lame (i.e., insecure) passwords. ?? On top of it all, LastPass offers a free version for single users as well as a paid “Enterprise” plan for businesses.

Action Item 2: Don’t let multiple people log into a generic user account

website admin users

Make sure all your team members have their own unique admin user account; your account should be your account. Avoid creating and sharing generic logins among multiple staff members.

This one’s pretty straightforward. Having a single admin user account for multiple people creates security concerns on many levels. Check with your website provider to see if there are restrictions on the number of admin users you can create. If you’ve maxed out, resist the temptation to share user accounts…and perhaps it’s time to upgrade to a plan that better fits your organization’s needs. If your website is powered by eCatholic, you automatically have the ability to create an unlimited number of admin user accounts. All eCatholic plans include no limits on user accounts – take advantage of this!

Action Item 3: Review (and clean) your list of admin users

website admin user list

We recently crunched some numbers on all eCatholic users and discovered some eyebrow-raising results:

  • Nearly 1 in 4 eCatholic admin users never logged in to their website in 2016.
  • More than 1 in 10 eCatholic admin users have never logged in to their website. Ever.

Now would be a great time to log in to your website and review your list of users. (If you’re the administrator of an eCatholic website, log in and click on Administration > Admin Users to view the list.)

Obviously, if you spot someone who 1) No longer needs access, 2) Doesn’t work for your organization any more, or 3) Was somehow mistakenly added as a user, zap these accounts from the list right away! This will help you keep your finger more firmly on the pulse of who’s logging in to make changes on your website.