What were the most commonly used passwords for 2017? 123456 and password. Yep, seriously. (This is based on data from over 5 million leaked passwords last year, according to Gizmodo.)
Others included starwars, iloveyou, monkey and whatever. Not very smart, I’m sure you’ll agree. It’s not surprising then that roughly 30,000 websites are hacked every day.
At the risk of offending anyone, using the names of our children or pets aren’t good moves either.
So, what is the secret to a secure password?
Secure Passwords: Length is Strength
Firstly, let me just say it: the secret to a strong password is a LONG password (think: 8 or more characters).
Secondly, your password should include:
- Uppercase and lowercase letters
- A number or three
- And symbols like !?$%@^_ and &
But … but before you think you have to try remember something like g8wS6RK*JH*4%z_AqxdPP7Yv$, fear not.
Something like I_Love_Cheese_4Ever! is very strong and relatively easy to remember. It’s twenty characters long, and includes uppercase and lowercase letters, and numbers and symbols
So, do these four things:
- Think of a memorable phrase that’s more than 8 characters long (it goes without saying, don’t use known songs and rhymes, etc.)
- Start each word with an uppercase letter
- Throw in a number
- Connect the phrases with a symbol
And you’re done!
Best Practice for Secure Passwords
While we could easily list a hundred points here, let me just mention five pointers.
Don’t use the same password on every account.
While you may use one password for a group of accounts (eg. all your social media accounts on one password, all your email accounts on another password, etc. etc.), you certainly don’t want to use your website’s password for your bank account.
Never save your passwords in plain text.
If your passwords are saved on your computer (eg. Notepad, Word, Excel, etc.), anyone will be able to view it. Keeping track of your passwords in a physical logbook is one way to go, but be careful if you’re using shared office space.
Use additional security measures.
A secure password is your first line of defence, but not your only line of defence. Whenever possible, enable two-step authentication processes. On your website, enable Google reCaptcha.
Avoid password managers.
While they might mean well, they’re by no means invulnerable.
Keep your software up to date.
Most software updates involve or include security improvements. If you don’t process your updates, you’re asking for trouble. Whether it’s apps on your phone, updates on your computer, or core, theme and plugin updates on your website, make sure you keep all your software up to date.
For an in-depth guide to security, see the Blogger’s Guide to WordPress Security. (While written for WordPress users, there’s heaps of information applicable to all CMS software.)
Email Security: Have you Been Pwned*?
One of the main ways hackers succeed is by breaching our emails. And by stealing our email addresses and passwords, hackers not only make inroads into our emails, but also use this information in attempts to breach our online profiles and accounts.
It’s a good practice to regularly check whether your email account as been pwned.
Just click here: Have I been Pwned?
Enter your email address and check its status. The website will inform if and where your email has been breached.
Then … immediately change your password at all your accounts that use the same email and password combination.
*The term pwned comes from the misspelling of the word “owned”, which in online gaming means to be conquered or subdued. (A designer in the online game Warcraft made the error, and the misspelling has taken on a life of its own, pun intended.)
Secure Passwords & Google
Finally, it’s worth pointing out that Google is making a bigger issue about online security. Bottom line? Websites that are vulnerable will struggle to rank well.