We all have passwords. Most of us know that our passwords need to be stronger and more secure. Sure, a super strong password may not matter for that new coupon app you just signed up for, but regarding your website, a strong password is critical.
WordPress is the most common content management system (CMS) and it’s also the most hacked. Weak passwords are a significant cause of these hacks. Today, we’ll share tips on password management and we’ll help you make strong passwords.
One Password for Everything (Don’t Do It)
You’re staring at that empty password box. You have a choice:
- Create yet another unique password to write down on a wrinkled, scuffed up, messy list of passwords that you have to fish out of your drawer at least twice a week because you forgot a password…
- Use an easy password you’ve memorized—the same one you’re using on seven other accounts!
It’s so easy to use option B. But we’re here to beg you not to do it, because it’s a huge security threat. Your tendency to reuse passwords is what hackers look for and why they succeed.
If you use the same password across multiple accounts and hackers gain access to just one of those accounts, they will attempt to use the same password on your other accounts—including emails, bank accounts, and social media accounts. Every day, people are victimized by hacks like this.
What Exactly Is a Weak Password?
‘Test123’ or ‘password1234’ are easy to remember and type, but are incredibly weak.
So is using your name, address, nickname, pet’s name, or birthdate, birthplace, elementary school… simple passwords like these are easily hackable.
Weak passwords are also shorter, with less variety in characters.
How Passwords Are Cracked
When you envision a hacker, are you thinking of someone manually typing in guess after guess? Turns out password hacks are generally done by a computer. There are two primary ways hackers accomplish this.
A brute force attack is where a hacker runs a complex script which tries repeatedly to crack your password. You can defend yourself from a brute force attack by creating long passwords with a variety of numbers, letters, symbols, and capital letters.
A dictionary attack is where a hacker runs a script that refers to a dictionary of well-known passwords, digits, and words. One way to prevent this type of attack from happening is to mix numbers, symbols and upper- and lower-case letters in your passwords.
Choosing Strong Passwords
To avoid a brute force or dictionary attack, remember password entropy as you’re choosing your password. The higher your password entropy, the less predictable your password patterns are for a computer, and your password is therefore stronger and more secure.
Password entropy is primarily increased with: increased length, and a mix of upper and lowercase letters, numbers and symbols.
Let’s try creating a password with strong entropy. We’ll start with the sentence, “I love to create strong passwords.” By substituting characters with numbers and symbols as well as alternating between upper and lowercase letters, we end up with a password like iLove2Cre8$tro#gPa$Sw0rds. This password is incredibly strong, and essentially uncrackable with the current state of technology.
5 Tips and Tricks to Setting Strong Passwords
Password Managers Are Key
Don’t store all of your passwords in a note on your phone. This is very insecure. Password managers securely manage all of your passwords and you can have a peace of mind knowing each password is encrypted and is not accessible until you decrypt your account. Not only do password managers store your passwords, but they also have password generators which allow you to create super strong passwords every time.
There are several online tools which can help you generate strong passwords, including this free online password generator from Strong Password Generator. We especially like the tool’s default 16 character recommendation, and its ability to create secure passwords that are impossible to crack without sending them across the Internet.
Also, a password manager we’ve used is KeePass Password Manager and we absolutely love its features and security.
Don’t Reuse Passwords
This one bears repeating. Once a hacker cracks one password, they try that password on every other type of account. For many victims, a systemic hack affecting multiple accounts could have been stopped if each account had different passwords.
Make Your Passwords Long
Password length is very important in keeping your accounts secure. We recommend making your passwords at least 16 characters. The longer the password is, the longer it takes to crack. It may take some time to remember a password with random symbols, letters, and numbers, but these passwords are the most secure and also add a level of protection. If you prefer not to remember your passwords, use KeePass Password Manager.
Don’t Save Your Passwords in Your Browser
When entering passwords online, your browser will often ask you, “Do you want to save this password for next time?” It’s super convenient but super insecure—so don’t do it. It’s easy for a hacker (or anyone using your computer in person) to view every password saved by your browser.
Again, a better alternative here is a password manager. As an added bonus, many password managers will connect to your browser and make logging in to your accounts quicker.
Never Share Your Passwords in Plain Text
It doesn’t matter if you’re messaging a close friend, family, or spouse; sharing your password via any kind of unencrypted text—for example, sending an email—is not wise. It’s as simple as one email account being hacked and your login information is now in the hands of a hacker.
You may be wondering, if I can’t send my password via email, how am I supposed to share login info with people I trust? Password managers have a feature to address this exact situation, where you can share a link which provides access to the password. The link expires after a short period of time. Another straightforward option is to make a quick phone call and share the password over the phone!
The Extra Effort Is Worth It
Passwords are a part of daily life. Setting strong passwords is critical if you want your website and all your digital accounts to be secure. We hope the above tips were helpful!