In our last blog post, we discussed why you need good secure passwords for your online life. In this post, we are going to give you some helpful ideas on how to maintain a secure set of strong passwords.
I deal with a lot of websites and a lot of clients. These websites sometimes get compromised, and these clients are often to blame. Let me explain.
Many websites, these days, are built upon some sort of Content Management script. There is WordPress, Joomla, Drupal, Light CMS, and so forth. While these scripts make working with websites easier in some respects, they also make life a little trickier. Many of my clients want a CMS like WordPress, so that they can log in and make small changes to the website, such as adding a new blog post. A good CMS is great for this purpose. However, that login information is a vulnerability when it comes to site security.
When I set up a new user on one of these sites, I use a random password generator to create a strong password for them. Once I give them this password, however, most of the clients will go change it to something they can remember. That is where the problem starts. A simple, short password can be cracked by software in absolutely no time. A 4 character, all lower case password can be cracked in less than 1 second. Let me say that again, “Less than 1 second”. “My password is longer than that”, you say. Okay, a 10 character complex password can be cracked in less time than you have been reading this article, using modern AI technology.
This would not be too much of a problem if people used passwords that were a minimum of 8 characters and that used upper and lower case letters and numbers in a random order. The random part is important. Many password crackers use a list of common words and the dictionary as a basis for starting to find your password. Even a long, common word will be cracked pretty quickly. Plus, many people use very common words and phrases or sequences as a password. I use a security log on most of the sites I build, and it will tell me when someone has failed to sign in and what password they tried to use. This gives me a list of passwords NOT to use. Here are a few: password, 111, 1234, 1q2w3e4r5t (seems random until you look at your keyboard), admin, qwerty123, admin1234, pswd, abcd, admin1 and so on.
So What Do I Do?
If you want to stay secure online, here are some ways you can do that.
- Generate a good, strong password. There are several password managers out there that can not only help you generate a random password, but remember it for you as well. There are also several good free password managers if you don’t need anything so robust. Make sure the password is at least 15 characters or more for best security. Over half of the 11 character passwords used by people can be cracked in under 1 minute. These password lengths and times to crack are only going to get worse as we go along.
- Don’t use the same password over and over. If you use the same password in more than one place, you run the risk of having one compromise becoming a complete takeover of your online life.
- Don’t use common words or dictionary words. We have already discussed why this is bad.
- Be careful of how you store your passwords. If you keep a written or typed list of your passwords, you run the risk of someone copying that list and having access to your online world. Many security breaches come from physical surveillance and information gathering. Some hackers get sensitive data from the dumpster of the company they hack into. If you keep a written or typed list, make sure it is in a safe place. This is especially true if you work in an office environment with others.
- Use common sense. This seems like an obvious one, but most people don’t really think about their online security very much. A little paranoia and common sense can go a long way.
So now you have some ideas of what to do and what not to do when it comes to password security. Take a minute and try out some of the ideas listed here and then, pass it along to someone else you know and love. You may save them some trouble down the road, as well.