Password Security, and Ways to Ensure Your Password is Safe

We often hear from our clients that website security isn’t that big of a deal since they don’t have that big of a site. Who would come after them? The truth is, any site, no matter how large or small, is at risk of an attack.

In fact, the security breach doesn’t even have to come through your site. For example, in November 2021, GoDaddy announced a breach that exposed the database passwords of more than a million customers on their Managed WordPress hosting. 

This was an enormous breach that gave the hackers access to several things, including the original WordPress Admin password that was set at the time the Admin username was set up. For that reason, GoDaddy reset the original WordPress Admin passwords that were still in use, along with other things, to stop the threat.

We know that creating secure passwords and managing them is time-consuming and frustrating, but weak passwords can give hackers access to information that can cause you significant issues.

So, what are password security best practices and how do you manage to keep them all straight? Here is what you need to know. 

1. Avoid Common or Simple Passwords

Sure, it is next to impossible to remember a difficult password, which is why people are tempted to use simple or common phrases or strings of numbers for their accounts. Are you guilty of using one of these top 10 common passwords?

  • 123456
  • Password
  • 12345
  • 123456789
  • Password1
  • Abc123
  • 12345678
  • Qwerty
  • 111111
  • 1234567

Any one of these passwords can be cracked in less than a second and expose your website, bank account, email, or any account you’ve set up with that information. 

2. Use a Different Password On Every Site

Using the same password for multiple accounts is another common habit that puts people at risk of having their accounts hacked. The hacker doesn’t necessarily have to target your account specifically. For example, they may target the bank you use, and your password gets exposed in a data leak. If that’s the case, any other account that’s associated with that password is also at risk.

In events like this, if you are logging into an account that has a password that was associated with a data breach, you’ll usually see a notification that states that. If you see that notification, you need to change your password immediately. 

3. Change Weak Passwords Every Three Months

You might be thinking, “Every three months? Isn’t that excessive?” Not at all if you are using a relatively weak password, or if you are using the same information across multiple platforms. However, using a weak word with an extra number or special character to meet requirements to sign up for an account still puts you at risk no matter how often you change it.

4. Create Strong Passwords For Every Account

The best way to keep your accounts from being hacked is to create a unique, strong password every single time you need to create logins for something. If you have a difficult-to-crack string of letters and numbers, you reduce your risk of someone gaining access to your accounts.

A strong password has: 

  • A mixture of upper and lower case letters
  • Numbers 
  • Special characters
  • Random sequence of letters and numbers that don’t spell something
  • 12 characters at the minimum

Most platforms have a requirement of at least a few of these things for you to create a password that’s accepted. The reason for this is that they minimize the risk that a hacker can gain access to their platform through your weak word combination. However, most platforms don’t require everything listed here. 

5. Use a Password Manager

You may be wondering how on earth you can possibly create a unique string of letters and numbers for the dozens of accounts you manage. The best, most secure way of doing that is to use an encrypted password manager. 

Companies like LastPass, NordPass, or 1Password will allow you to store your login information for any account that you create. They can also be used on most devices and computers so you always have access to your information. 

These systems are designed to generate unique, strong passwords anytime you need one and then store your login information so it can auto-populate when you need to log in to an account.
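The checks from sections 1 and 4, together with the kind of random generation a password manager performs (section 5), can be sketched as follows. This is an added example, not code from this post or from any password manager; the function names and the special-character set are assumptions.

```python
import secrets
import string

# The ten common passwords listed in section 1, lower-cased for comparison.
COMMON = {"123456", "password", "12345", "123456789", "password1",
          "abc123", "12345678", "qwerty", "111111", "1234567"}
SPECIALS = "!@#$%^&*()-_=+[]{}"  # assumed set; sites differ in what they accept
MIN_LENGTH = 12                  # minimum from the section 4 checklist


def weaknesses(password):
    """Return the checklist items this password fails (empty list = passes)."""
    lowered = password.lower()
    problems = []
    # Substring match, so a common word padded with extra characters is caught.
    if any(word in lowered for word in COMMON):
        problems.append("contains a common password")
    if len(password) < MIN_LENGTH:
        problems.append("shorter than 12 characters")
    if not (any(c.islower() for c in password)
            and any(c.isupper() for c in password)):
        problems.append("needs both upper and lower case letters")
    if not any(c.isdigit() for c in password):
        problems.append("needs a number")
    if not any(c in SPECIALS for c in password):
        problems.append("needs a special character")
    return problems


def generate(length=16):
    """Generate a random password that passes every check above."""
    if length < MIN_LENGTH:
        raise ValueError("length must be at least 12")
    alphabet = string.ascii_letters + string.digits + SPECIALS
    while True:
        # secrets uses the operating system's CSPRNG; the random module
        # is predictable and must not be used for passwords.
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if not weaknesses(candidate):
            return candidate


if __name__ == "__main__":
    # Constructed samples: two weak passwords and one generated one.
    for sample in ("Password1", "Password1234!", generate()):
        print(repr(sample), weaknesses(sample) or "passes")
```

The second sample meets every length and character-type rule and is still flagged, which is the situation section 3 describes: a weak word with an extra number or special character added.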

6. Enable Two Factor Authentication

Adding an additional step to your login process may be annoying, as it’s just one more thing to remember. However, having two-factor authentication on your logins means that you always need to have access to your phone to access your site. This, too, limits the probability of someone breaking into your website through your password.

Google Authenticator is the one that we prefer; however, there are many authenticators out there that you can use.

Contact Us Today For Website Security

Getting into your website through your password is only one way that a hacker can break in. Every plugin or theme on your website (active or not) is a security risk to your site. That’s why it’s important to have someone in charge of running updates on your site as well as providing malware scans and removal.

Contact us today and we will discuss how we keep our clients’ websites safe. We look forward to hearing from you.
