SECURITY
The Importance of a Strong Password
David Curtiss
I am going to share with you the importance of strong passwords not only for your website but for your entire online life. When you are done reading this you will be equipped with the knowledge of a tool I have found to be very useful for organizing and securing all of your passwords.
Passwords are annoying. Every website wants you to create an account everywhere you go on the internet. I could go on about the reasons this is necessary and how it creates a better user experience, but the fact is that you have to remember another password. We all have different ways of trying to track all these passwords, whether it is a spreadsheet, a notebook or just using the same password for everything. We don’t tend to think about the security of our passwords until the hard drive fails, the dog gets a hold of the notebook or our blog has numerous posts about some specific enhancement drugs and extracurricular activities…

WordPress holds the largest share of websites on the internet according to many studies done on top Content Management Software (CMS) solutions. One of the biggest reasons, and probably the best reason, for this is that WordPress is FREE! Another is that WordPress is open source, meaning that the code and files that go into WordPress are available to everyone under the GNU General Public License. WordPress itself is free but WordPress development services are not. There are many developers and contributors to WordPress, which makes it powerful but also makes code quality tricky to balance. I will save this for another article…

One study by W3Techs shows WordPress powers 59.2% of the top 10 million websites on the internet, with the runner-up at 6.1%. WordPress is powerful, free and a HUGE target for hackers. See the results of this survey here.

One of the most common forms of attack on WordPress websites is what’s called a brute force attack. Essentially, hackers program robots to crawl the web and search for WordPress installations. Once found, the robot picks the most common username, “admin”, and begins to try every possible combination of password until it is cracked.

Tip: Never use the default username.
For WordPress it is “admin”.

It is also becoming standard practice for website accounts to use emails as the username so it is easier for users to remember. The robots will also try what they think would be a typical email username. For example, admin@domain.com or info@domain.com. If the robot can guess your username it has solved half the puzzle right off the bat.

The other half of the puzzle is making your password as difficult as possible for the supercomputers to crack. We are all well aware of, and somewhat annoyed with, the password requirements that websites impose, but they are very important. Recently a supercomputer was revealed that can run 350 billion different combinations per second! This computer can crack a 6-character password almost instantly.

Let’s do the math. Say you have a 6-character password consisting of just lowercase letters. There are 52 letter combinations for each character:

52 x 52 x 52 x 52 x 52 x 52 = 19,770,609,664 possible combinations

At 350 billion combinations per second a 6-character password would get shredded. This is exactly why websites have such strict requirements. Add uppercase, numbers and special characters to the mix and you end up with:

144 x 144 x 144 x 144 x 144 x 144 = 8,916,100,448,256 possible combinations

Using uppercase, lowercase, numbers and special characters is good but is still no match for the supercomputers. The real strength comes with using longer passwords. You can see from the pattern that a 25-character password would have a huge number of possibilities and would take many years to crack using a brute force attack.

Tip: Always use the maximum number of characters allowed for your passwords. WordPress.com recommends 30-50 randomly generated characters with uppercase, lowercase, numbers and special characters.
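An added example (not part of the original article) that carries the arithmetic above through in Python: it reproduces the article's two keyspace figures, times them at the quoted 350 billion guesses per second, finds the shortest length that would take 100 years to exhaust, and generates a random password of the recommended kind. The alphabet sizes 52 and 144 are the article's; the 26-symbol case, the 100-year target and all function names are assumptions of this example.

```python
import secrets
import string

GUESSES_PER_SECOND = 350_000_000_000   # cracking rate quoted in the article
SECONDS_PER_YEAR = 365 * 24 * 3600

def keyspace(alphabet_size, length):
    """Number of candidate passwords of exactly `length` characters."""
    return alphabet_size ** length

def seconds_to_exhaust(alphabet_size, length, rate=GUESSES_PER_SECOND):
    """Worst-case time to try every candidate at `rate` guesses per second."""
    return keyspace(alphabet_size, length) / rate

def min_length(alphabet_size, years, rate=GUESSES_PER_SECOND):
    """Shortest length whose full keyspace takes at least `years` to exhaust."""
    target = rate * SECONDS_PER_YEAR * years   # integers, so no rounding error
    length = 1
    while keyspace(alphabet_size, length) < target:
        length += 1
    return length

CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)   # 26 + 26 + 10 + 32 = 94 symbols

def generate_password(length=30):
    """Random password from the OS CSPRNG that contains all four classes."""
    if length < len(CLASSES):
        raise ValueError("length too short to include every character class")
    alphabet = "".join(CLASSES)
    while True:
        # Draw the whole password uniformly, then reject draws that miss a
        # class; this avoids the bias of forcing fixed positions per class.
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if all(any(ch in cls for ch in candidate) for cls in CLASSES):
            return candidate

if __name__ == "__main__":
    for size in (26, 52, 144):   # 26 = lowercase only (added); 52, 144 from the article
        print(f"alphabet of {size}: 6 chars fall in "
              f"{seconds_to_exhaust(size, 6):.3f} s; "
              f"{min_length(size, 100)} chars needed to last 100 years")
    print("30-character password:", generate_password(30))
```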

I know what you are thinking. How am I supposed to remember a 25-character password? That is where the password manager comes into play. There are some great password managers out there but I use LastPass and I will be showing you some examples of how LastPass will change your online life.

Say goodbye to spreadsheets and your old beat up password keeper notebook. Using a password manager such as LastPass you will only need to remember one password for all your online accounts. Upload all saved passwords from your browser automatically and start your security challenge. You may be surprised how vulnerable your accounts are…

 

Passwords that are compromised, weak, reused or old can be automatically changed using the LastPass password generator with one click.

LastPass Features

  • Store securely
  • Autofill & Auto Login
  • Multiple accounts at the same site
  • Available on any device (Premium)
  • Strong password generator
  • Automatically saves login when new accounts are created
  • Password audit
  • Auto-Change Passwords
  • Secure notes for offline pins, combos & passwords
  • Share passwords securely
  • Two-factor authentication
  • Plugins for all browsers
  • Apps for smartphones and tablets
  • App fill
  • Fingerprint support
  • Local encryption with most secure algorithms available
  • Offline access

Using a password manager requires you to remember a single password. The trick is to make this password long enough to be secure but easy to remember. One way to do this is to use passphrases. Basically, a passphrase is a combination of random words that are easy to remember. A good passphrase generator can be found at preshing.com but it is best if you think of your own. Feel free to use spaces as well. Remember, we are going for length, which gives the most security.

When using passphrases:

  • Do not use common sayings
  • Do not use quotes (I’m not talking about the punctuation symbol)
  • Do not use song lyrics

Below are some general tips from WordPress.com for all passwords:

  • Don’t use the same password twice. If you reuse passwords from site to site, then someone who hacks into one site will be able to log in to your account on other sites. LastPass will check all your accounts for duplicate passwords.
  • Make sure your email password is also strong. With many online services like WordPress.com, your email address serves as your identification. If a malicious user gains access to your email, they can easily reset your passwords and log in to your account.
  • Don’t share your passwords. Even if you trust the person, it’s possible an attacker could intercept or eavesdrop on the transmission, or hack that person’s computer. Use the LastPass secure sharing feature to share passwords.
  • Don’t send your password to anyone in an email. E-mails are rarely encrypted, which makes them relatively easy for attackers to read. Again, use the LastPass secure sharing feature to share passwords.
  • Don’t save your passwords in a web browser. They often fail to store the passwords in a secure manner.
  • Don’t save passwords or use “Remember Me” options on a public computer. If you do, then the next person to use the computer will be able to access your account. Also make sure you log out or close your browser when you are done.
  • Don’t write down your password. If it’s written down somewhere and someone can find it, it’s not secure. Store passwords in LastPass instead, so that they’ll be encrypted. The exception to this rule is storing unrecoverable passwords (like the master password for LastPass, or your operating system account) in a secure manner. One good way to secure them is to keep them in a safe deposit box, or locked in a safe.
  • Don’t change your passwords, unless you suspect they’ve been compromised. As long as you have the type of strong password recommended in this article, changing it frequently will not do anything to minimize the risk of it being compromised. Because changing them can be a burden, it often tempts people to adopt bad practices in order to make the process easier, which increases their vulnerability to attacks. If you suspect someone has gained access to your account, though, then it’s always a good precaution to change your password.

That's it! Make sure to check out our other tutorials for more WordPress tips & tricks.
