Using strong passwords to keep your site and email secure

If you have back-end access to your site, it’s vitally important to use secure, unguessable passwords – something like this: eA8iZvXoMi7w

The same is true of email accounts.

Why do I need secure passwords?

WordPress login screen

Today it’s common for website login pages to be bombarded with automated attacks that ‘guess’ passwords and try them against common user names. It’s relatively easy for these attacks to gain access to the website’s user names, so secure passwords are the only way to stop them.

This password guessing is known as a dictionary attack, where the hacker runs a list of common passwords against your website. If that doesn’t work, the next step is a brute-force attack, which generates random passwords and tries them to get in.

In our WordPress sites we never use the default ‘admin’ user name, and we generate secure passwords.

What is a secure password?

A secure password should include both upper and lower case letters, numbers and even some punctuation – but the letters must be random.

The number of characters in your password is also important – eight characters can be cracked quite quickly, while 12 increases security dramatically.

Don’t be tempted to use a word that appears in a dictionary (in any language) or a name, even if you replace some of the letters with numbers – for example, replacing an e with a 3. Hackers are clever people and they have already thought of that!
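The three rules above (random characters from all four groups, 12 characters rather than eight, no dictionary words with swapped letters) can be checked locally with the short Python script below. It is an added example, not part of the original article; the sample word list and the substitution table are constructed for illustration.

```python
import math
import secrets
import string

# Character pool the article describes: upper case, lower case, digits, punctuation.
CLASSES = [string.ascii_uppercase, string.ascii_lowercase, string.digits, string.punctuation]
ALPHABET = "".join(CLASSES)  # 94 printable ASCII characters

# Constructed sample word list; a real check would load a large dictionary.
SAMPLE_WORDS = {"password", "secret", "welcome", "elephant"}

# Look-alike substitutions (assumed mapping, simplified to one letter per symbol).
LEET = str.maketrans({"3": "e", "0": "o", "1": "l", "4": "a", "@": "a",
                      "5": "s", "$": "s", "7": "t"})


def generate_password(length=12):
    """Draw every character from the OS cryptographic RNG; retry until all groups appear."""
    if length < 12:
        raise ValueError("the article's advice is 12 characters or more")
    while True:
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if all(any(ch in cls for ch in candidate) for cls in CLASSES):
            return candidate


def search_space_bits(length, pool_size=len(ALPHABET)):
    """log2 of how many random passwords of this length exist."""
    return length * math.log2(pool_size)


def is_dictionary_based(password, words=SAMPLE_WORDS):
    """True if undoing case and look-alike substitutions yields a listed word."""
    return password.lower().translate(LEET) in words


if __name__ == "__main__":
    print("generated:", generate_password())
    for n in (8, 12):
        print(f"{n} random characters: about {search_space_bits(n):.1f} bits")
    print("12 vs 8 characters:", f"{len(ALPHABET) ** 4:,} times more candidates")
    for guess in ("3l3phant", "P4ssw0rd", "eA8iZvXoMi7w"):
        verdict = "dictionary based" if is_dictionary_based(guess) else "not in sample list"
        print(guess, "->", verdict)
```

Four extra random characters multiply the number of candidates an attacker must try by 94 to the power 4, about 78 million, which is why the jump from eight to 12 characters matters so much.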

How to generate secure passwords

The best way to generate secure passwords is to use an online password generator. There are plenty available but here’s one example.

How Big is Your Haystack provides a nice way to test your passwords against known ‘brute force’ methods used by hackers.

Better still is to use a service like LastPass, which stores your passwords safely in an encrypted ‘vault’, prompts you when you need to enter your passwords, and will also suggest secure passwords when you are creating a new login. LastPass is free for most users, with a paid-for version for extended functionality.