You visit a website and it's time to create a new account. Part of this process is creating a password, a secure password.
It’s hard to remember one secure password, let alone multiple ones. Your spirits drop as your go-to password fails and the security suggestions prompt you to add more numbers and unique characters.
Every day, hackers gain new insights into how to break passwords, and password lists created from breaches continue to put your accounts and site at risk. Is your password going to hold up against a brute force attack?
Brute Force Attacks versus Passwords
Your admin panel or FTP accounts are supposed to be the only way you and a few select team members access your site. The strength of your passwords is often the only thing stopping malicious visitors from gaining unauthorized access.
One example of this is when you receive multiple failed login attempt emails (you do track failed login attempts, right?). This is known as a brute force attack, where bots continuously try to log in by guessing users' most common passwords. These brute force bots are relentless, attacking 24/7/365; after all, they are just a program trying to guess your password. The harder your password is to guess, the less likely they are to get into your personal accounts.
If a brute force hacker does gain access to your site through FTP or the administration panel, all that hard work you’ve put into your SEO rankings and reputation will be destroyed. Depending on the nature of the bot, within seconds of gaining access your site visitors could start receiving spam, and your site could be corrupted with malware.
However, by creating strong and secure passwords, coupled with changing your passwords regularly, you’ll be ready to stand up to these brute force hacking tactics.
Did you make a Good Password?
Let’s start with some key factors required to make a strong password.
We’ve all heard this before, but people still use password123, or God123456, even 123456. Common terms and sequential letters and numbers will be guessed within seconds. Another common practice is using a birthday or a name, which anyone on the web can find without much effort. Don’t use them!
The longer your password, the better. The longer it is, the lower the mathematical probability of guessing it. It’s finite math.
More characters equals a stronger password! When partnered with…
The addition of unique characters and numbers makes your password much more different from other passwords. People use their child’s name for a password, such as Bobby, which is easy to guess. Obscuring it with numbers, characters, upper and lower case letters, Bobby becomes [email protected]&)-$. How hard is that to guess?
Lastly, you’ve spent time making a long, complex password so that it’s unique; now never re-use it on multiple sites and accounts. If one is compromised, they all are compromised. Using a unique password for each ensures that a compromised account or site stays isolated. This avoids the devastation that can occur not only to your website(s) but to your personal life as well.
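The factors above can be turned into a simple signup-time check. This is an added example, not code from the original article or from any tool it names; the `COMMON` list is a constructed sample, the 12-character minimum and three-class threshold are assumptions, and the bit estimate only holds for randomly chosen characters.

```python
import math
import string

# Constructed sample list; the first three entries are the ones named in the article.
COMMON = {"password123", "god123456", "123456", "password", "qwerty", "letmein"}
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)

def has_sequence(pw, run=4):
    """True if pw contains `run` consecutive ascending or descending characters."""
    for i in range(len(pw) - run + 1):
        steps = {ord(pw[j + 1]) - ord(pw[j]) for j in range(i, i + run - 1)}
        if steps in ({1}, {-1}):
            return True
    return False

def classes_used(pw):
    """Character classes (lower, upper, digit, punctuation) present in pw."""
    return [cls for cls in CLASSES if any(c in cls for c in pw)]

def search_space_bits(pw):
    """log2(pool ** length): an upper bound, valid only for random characters."""
    pool = sum(len(cls) for cls in classes_used(pw))
    return len(pw) * math.log2(pool) if pool else 0.0

def check(pw, min_length=12, min_classes=3):
    """Return the list of problems found; an empty list means none of the checks fired."""
    problems = []
    if pw.lower() in COMMON:
        problems.append("common")
    if has_sequence(pw.lower()):
        problems.append("sequence")
    if len(pw) < min_length:          # assumed threshold
        problems.append("short")
    if len(classes_used(pw)) < min_classes:  # assumed threshold
        problems.append("few_classes")
    return problems

if __name__ == "__main__":
    for sample in ("123456", "password123", "God123456", "tV9#qLz!28mKp@wX"):
        print(f"{sample!r}: {check(sample)} (~{search_space_bits(sample):.1f} bits)")
```

The common-list and sequence checks run before the length and class checks because a listed password is guessed first regardless of how large its theoretical search space is.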
A great free tool for checking or creating your password is Password Meter from Safety Detectives.
Remembering your Passwords
I know you’re sitting here now saying, that is so many passwords to remember, how am I going to manage this? Let me introduce you to our favorite password managers, LastPass, Keeper and Dashlane. They keep all your passwords in a secure vault and have browser extensions to auto-fill passwords. They’ll even generate the hard, secure passwords for you. How great is that?
The wrap up
Passwords are one of the most misused or unenforced account and website security components. By enforcing the use of strong passwords, you exponentially decrease the chances of a hacker gaining access to your accounts and website.
Simply add more characters and numbers to your password to help ensure it is not easily guessed and compromised.