We often hear from our clients that website security isn't that big of a deal since they don't have that big of a site. Who would come after them? The truth is, any site, no matter how large or small, is at risk of an attack, and most attacks are automated and do not care whose site it is.
In fact, the security breach doesn’t even have to come through your site. For example, in November 2021, GoDaddy announced a breach that exposed the database passwords of more than a million customers on their Managed WordPress hosting.
This was an enormous breach that gave the attackers access to several things, including the original WordPress Admin password that was set when the site was first provisioned. In response, GoDaddy reset the original WordPress Admin passwords that were still in use, along with the exposed sFTP and database credentials, to contain the threat.
We know that creating secure passwords and managing them is time consuming and frustrating, but weak passwords can give hackers access to information that can cause you significant issues.
So, what are password security best practices and how do you manage to keep them all straight? Here is what you need to know.
1. Avoid Common or Simple Passwords
Sure, it is next to impossible to remember a difficult password, which is why people are tempted to use simple or common phrases or strings of numbers for their accounts. Are you guilty of using one of these top 10 common passwords?
Any one of these passwords can be cracked in less than a second, because attackers try lists of common passwords first, and that exposes your website, bank account, email, or any other account you've set up with it.
2. Use a Different Password On Every Site
Again, using the same password for multiple accounts is another common habit that puts people at risk. The attacker doesn't necessarily have to target your account specifically. For example, they may target a bank you use, and your password gets exposed in that data leak. If that's the case, every other account that shares the password is also at risk: attackers routinely replay leaked username and password pairs against other sites, a technique known as credential stuffing.
When this happens, if you log into an account with a password that has appeared in a data breach, your browser or password manager will usually show a notification saying so. If you see that notification, change your password immediately, on that site and anywhere else you used it.
3. Change Weak Passwords Every Three Months
You might be thinking, "Every three months? Isn't that excessive?" Not at all if you are using a relatively weak password, or if you are reusing the same credentials across multiple platforms. However, taking a weak word and adding an extra number or special character to meet an account's sign-up requirements still puts you at risk no matter how often you change it; rotating a bad password only replaces it with another bad one.
4. Create Strong Passwords For Every Account
The best way to keep your accounts from being hacked is to create a unique, strong password every single time you create a login. A hard-to-crack string of letters, numbers, and symbols reduces the risk of someone gaining access to your accounts, and because it is unique, a leak from one site does not unlock any other.
A strong password has:
- A mixture of upper and lower case letters
- Special characters
- A random sequence of letters and numbers that doesn't spell a word or a name
- 12 characters at the minimum
Most platforms require at least a few of these before they will accept a password; the point is to reduce the chance that an attacker gets into their platform through your weak password. However, most platforms don't require everything listed here, so meeting a site's minimum is not the same as being strong.
5. Use a Password Manager
You may be wondering how on earth you can possibly create a unique string of letters and numbers for the dozens of accounts you manage. The best, most secure way of doing that is to use an encrypted password manager.
Products like LastPass, NordPass, or 1Password store your login information for every account you create, and they work on most devices and computers so you always have access to it.
These systems generate a unique, strong password whenever you need one and then store your login information so it can be filled in automatically when you log in. Most of them will only autofill on the site the login was saved for, which also helps against look-alike phishing pages.
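The two pieces a password manager does for you, generating a random password and checking it against the criteria listed above, look like this in Python. This is an added example, not code from this page or from any password manager product; it uses the standard library's `secrets` module as the cryptographically secure random source, and the short list of common passwords is a constructed sample standing in for the large breached-password lists real tools consult.

```python
"""Added example: generate and check passwords against the criteria above.

Not the page's or any vendor's code. `secrets` is a CSPRNG, which is what a
password manager uses; `random` is NOT suitable for this purpose.
"""
import math
import secrets
import string

# Constructed sample of commonly used passwords. A real checker would consult
# a large breached-password list (for example via the Have I Been Pwned API).
COMMON_PASSWORDS = {
    "123456", "password", "qwerty", "111111",
    "password1", "iloveyou", "admin", "letmein",
}

# Full character set: 26 + 26 + 10 + 32 = 94 symbols.
ALPHABET = string.ascii_letters + string.digits + string.punctuation


def estimate_entropy_bits(pw: str) -> float:
    """Upper bound on brute-force entropy: length * log2(size of the character
    classes present). A dictionary word scores far lower in practice, which is
    why the dictionary check below exists as well."""
    size = 0
    if any(c.islower() for c in pw):
        size += 26
    if any(c.isupper() for c in pw):
        size += 26
    if any(c.isdigit() for c in pw):
        size += 10
    if any(c in string.punctuation for c in pw):
        size += len(string.punctuation)
    return round(len(pw) * math.log2(size), 1) if size else 0.0


def check_password(pw: str) -> dict:
    """Apply the page's criteria: 12+ chars, mixed case, a digit, a special
    character, and not a common password (even with a number/symbol tacked on)."""
    problems = []
    if len(pw) < 12:
        problems.append("shorter than 12 characters")
    if not any(c.islower() for c in pw) or not any(c.isupper() for c in pw):
        problems.append("needs both upper- and lower-case letters")
    if not any(c.isdigit() for c in pw):
        problems.append("needs a digit")
    if not any(c in string.punctuation for c in pw):
        problems.append("needs a special character")
    lowered = pw.lower()
    # Strip the usual "extra number or special character" tail so that
    # "Password1!" is still caught as the dictionary word it is.
    core = lowered.rstrip(string.digits + string.punctuation)
    if lowered in COMMON_PASSWORDS or core in COMMON_PASSWORDS:
        problems.append("based on a common password")
    return {"ok": not problems, "problems": problems,
            "entropy_bits": estimate_entropy_bits(pw)}


def generate_password(length: int = 20) -> str:
    """Draw characters with secrets.choice until the result satisfies
    check_password; for length >= 12 this rarely takes more than a few tries."""
    if length < 12:
        raise ValueError("minimum length is 12")
    while True:
        pw = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if check_password(pw)["ok"]:
            return pw


if __name__ == "__main__":
    for candidate in ["password", "Password1!", generate_password(16)]:
        print(candidate, check_password(candidate))
```

The generator rejects and redraws rather than forcing one character of each class into fixed positions, so every character of the result is independently random. The entropy figure is only an upper bound: it tells you how long a pure brute-force search would take, not whether the password is in an attacker's wordlist, which is what the dictionary check covers.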
6. Enable Two Factor Authentication
Adding an extra step to your login process may be annoying, as it's one more thing to deal with, but with two factor authentication enabled an attacker who obtains your password still cannot log in without the second factor, which means you always need access to your phone to get into your site. This further limits the chance that a stolen or guessed password turns into a break-in on your website.
Google Authenticator is the one we prefer; however, there are many other authenticator apps you can use. Most of them implement the same time-based one-time password (TOTP) standard, so any of them will work with a site that supports Google Authenticator.
Contact Us Today For Website Security
Getting in through your password is only one way a hacker can break into your website. Every plugin and theme on your site, active or not, is a potential entry point, because its files stay on the server even when it is switched off. That's why it's important to have someone in charge of running updates on your site, removing what you don't use, and providing malware scans and removal.
Contact us today and we will discuss how we keep our client’s websites safe. We look forward to hearing from you.