Several new clients have come to us because they have a hacked website. One factor that greatly affects the security of your website is your password. Hackers can (and will) get into a website that uses weak passwords.
A password is your first and last line of defense in computer and website security. Typically people choose bad passwords because they are easy to remember. However, you wouldn't leave the door to your home unlocked because it is too much of a hassle to unlock it before you open the door, would you? A weak password is the same thing.
Using words that appear in a dictionary, in any language, make cracking your password that much easier. Adding numbers to dictionary words doesn't increase the password's strength at all if it is based on a dictionary word. Even with character replacements like capital letters and non-alphanumeric symbols, you're not getting a stronger password.
A true strong password should consist of 8 or more characters and be part of a “passphrase”. A passphrase consists of a phrase that has special meaning to you, therefore making it easier to remember. For example:
Mickey Mouse for President. It would be awesome!
One simple approach to create a better password is to take the first letter of each word in your passphrase, giving you:
That looks seemingly random, and it's a fairly hard password to crack. But why not make it harder by using the punctuation from the sentence?
Now that is a much harder password to crack. Why stop there, though? Let's make it even stronger by capitalizing some letters and adding numbers.
Now you have truly difficult password to crack; but is still fairly easy to remember. To make it even stronger, you can salt it with non-alphanumeric character replacements for greater difficulty. For example, replacing an “a” with a “@” leaving you with:
Do's and Do Not's of Password Security:
- Combine letters, symbols, and numbers that are easy for you to remember and hard for someone else to guess.
- Create pronounceable passwords (even if they are not words) that are easier to remember, reducing the temptation to write down your password.
- Try using the initial letters of a phrase you love, especially if a number or special character is included.
- Take two familiar things, and then wrap them around a number or special character. Alternatively, change the spelling to include a special character.
- Use personal information such as derivatives of your user ID, names of family members, maiden names, cars, license plates, telephone numbers, pets, birthdays, social security numbers, addresses, or hobbies.
- Use any word in any language spelled forward or backward.
- Tie passwords to the month. For example, don't use “Mayday” in May.
- Create new passwords that are substantially similar to ones you've previously used.
Note: No password is 100% secure. You still must take basic security precautions such as not sharing your password with others, changing it frequently and changing it immediately if you believe it may have been compromised.