LastPass: Making Magic of Passwords

Magic!

If you’re anything like me, or even nothing like me at all, you are probably logging into multiple sites each day – several times a day!

On any given day, I can be logging into 4 Gmail accounts and 5 Salesforce instances. Remembering all those usernames and passwords can be quite a task.

Enter LastPass*, a simple application that sits quietly in your browser until you need it. And then the magic happens!

With LastPass, you can save usernames and passwords for just about any website. You can store them in folders and give the saved logins names for easy identification. When you reach a login page, you simply choose the correct login match and log in. On a new website or using a new login? No problem – you can save the information on the fly! Also, your LastPass account can work across all your devices. Once installed, you have the same saved logins wherever you are.

While there are other browser extensions that retain passwords (especially for Salesforce), I chose this one not just because it was recommended by a friend*, but also because it can save all types of passwords.

Happy Passwording!

*As of 2014, 84% of consumers say they either completely or somewhat trust recommendations from family and friends about products – making these recommendations the information source ranked highest for trustworthiness.

Disclaimer: I am not advertising or receiving any kickback for this post.

Security: Theory or Reality?

Security has taken over our lives. The average person has over 6 passwords that they use regularly. Our homes, phones and computers are flooded with security controls, apps and codes. But can we really control this?

Enter Salesforce

Salesforce has layers of security features to create a super strong infrastructure. There are features to secure your org, your users and your data. A general understanding of the available options is essential to creating a powerful and complex security model. The best place to start learning this is by watching this video series.

  • Password Policies: Studies have shown that most people create simple and easily guessed passwords for even the most sensitive of data. As an administrator, you should consider enforcing password policies regarding the length, character usage and expiration time of each password.
  • Login IP Ranges: Set this for your organization (users can request an authentication code to log in from an outside IP) and/or on a profile level to limit users’ access to predetermined IP ranges.
  • Login Session Times: Limit the time a user (based on profile) can log in to Salesforce. **Note that leaving it blank does not lock them out; it gives unlimited time for that day. The start and end time should be the same to lock them out for a specific date.**
  • Object Access, Organization-Wide Defaults, CRED Permissions, Hierarchy etc.: These are the key to data security, control, access and visibility in your org! Again, these are the key to data security, control, access and visibility in your org!
  • Data Backup: If you don’t have your data regularly backed up, do so now. I mean it. Stop reading this… go back up your data!

BEAR IN MIND:

CRED = What a user can DO

OWD = What a user can SEE

These serve as a baseline for your organization’s security settings. For example, although a user may be granted access to see records through role hierarchy, they will not be able to edit unless they have “Read” permissions for that object.

Always start with the most restrictive settings and open access as needed. It is easier to open than restrict as needed (think Hierarchy and Permission sets – they open access).

BEST PRACTICE:

Create a chart listing all users/profiles along with the CRED and OWD settings they should have per object. This will guide you as you build your security model. Ask yourself what data a user needs to see and what they need to edit. This will help you determine the appropriate features and settings needed for your org.

“With great power comes great responsibility”