Creating secure passwords and storing passwords safely are an important part of keeping your website secure. We have all seen news stories highlighting loss of important data due to hacking. Hacked weak or stolen passwords are the cause of 81% of data breaches. Protect your website security by following secure password guidelines.
1. Create a complex password
123456 is not a secure password. Hackers can run thousands of passwords per second through their software, but if you have a complex password you will slow them down and most likely keep them out. The more complex your password, the higher your chance of successfully blocking hacking attempts.
- Use more than 7 characters
- Use at least one number
- Use at least one upper case letter
- Use at least one lower case letter
- Use at least one special character such as ! $ * # ( ) % &
- Avoid the most common passwords
In the past, people recommended replacing letters with numbers or special characters to create words. This is no longer effective. Hackers have modified their programs to account for this behavior.
2. Make it difficult to guess
If you have a password based on personal information, you are making it easy for someone to figure out. Do not make it easy for someone to take over your website by using information that can easily be found on social media. We recommend using a password generator that allows you to choose more than six digits, upper and lower case characters, numbers, and special characters. This combination is difficult to guess, and is difficult for hacking software to crack.
3. Do not share your password
This might seem obvious, but you would be surprised how often a shared password is the cause of a break in security. Never send your password through email. Email can be sent unencrypted, and sharing your password this way can have devastating results.
Take precautions to ensure that you and your staff are not sharing passwords.
Evaluate the need for someone else to have a password. A guest blogger, for example, can and should have their own username and password that allows them access to the blog and not the rest of your website. You should not give anyone your password. There are no circumstances where that is necessary. It is better to create a new username and password for the other person with permissions set correctly for their intended use.
4. Change your password
One way you can eliminate the chances that someone has your password is to change it often. If you have multiple staff accessing your website, it would be a good idea to require them to change their password regularly as well. This will reduce the chances that their password has been shared — even accidentally — and will be used by someone that should not have access.
5. Use different passwords
If your strategy has been to use the same password everywhere, you are leaving yourself open to being hacked on multiple fronts. It is best practice to have a different password for each application. If you have multiple people logging in with the same password, you should change those as well.
6. Test your password
Want to know how easy it would be to hack your password? Try testing it. If it will take less than years to crack your website, you should be changing it as soon as possible.
7. Post-its are not secure
Remembering long complex passwords can be difficult, but you do not need to use our favorite sticky notes or rely on your memory to keep your passwords safe. There are services that can help you keep your passwords safe across your devices. We have used LastPass and 1Password in the past, and can recommend them. (We are not affiliates, and we get nothing for the recommendation.)
LastPass is simple to use, and has several features for home and business use. We recommend trying the free trial version first to see if it is a good fit.
Features:
- Browser extensions for all major browsers
- Device version for download
- Families for home use
- Local-only encryption
- Two factor authentification
- Generates complex passwords for you
- Automatically offers to store website logins for you securely when you log in the first time
1Password is also simple to use, and has several features for home and business use.
Features:
- Browser extensions for Chrome, Safari, Firefox, and Opera
- Device version for download
- Families for home use
- Triple encryption
- Secret Key
- Travel protection
- Generates complex passwords for you
- Automatically offers to store website logins for you securely when you log in the first time
You are your first line of defense. Keep your passwords secure.
We cannot stress enough how important it is to keep your passwords secure. People with the best intentions have failed to protect the security of their websites and data by missing important steps in creating and securing passwords. Do not let that happen to you!