If you’ve heard it once, you’ve heard it 100 times: you need strong, memorable passwords. You need to protect your personal and business accounts as well as website logins. Unfortunately, creating passwords that are both “strong” and “memorable” is challenging, to say the least.
Never Use These Passwords
SplashData’s annual list of the top 100 worst passwords is worth a quick look. The list starts with the ever-popular “123456”, followed by “password” and “12345678” (if eight characters are needed). In fact, no dictionary word or common numerical sequence should ever be used as a password.
How Hackers Break Passwords
Hackers’ tools become more powerful every day. Even though it’s impossible to stop all attacks, very strong passwords prevent many of the most common cyber attacks.
- Brute Force Attacks: Most people use easy-to-remember passwords (123456) that are easily cracked by software that keeps trying until it gets into your account. In fact, some hacker tools are now so old-school they’re available as free downloads for newbie hackers. Your best protection is long, complicated passwords.
- Theft: About six out of 10 people have the same username and password on every account. Hackers play the odds. Once they’ve stolen one username/password, they’ll use them on thousands of common websites. Products such as the HyperFIDO provide a deeper level of security by requiring you to press a physical button. The device then enters the stored password.
- Public WiFi: Hackers don’t need to be in the same room in order to break into public WiFi and steal your username/password. All they need is to be close enough (in their car or a nearby building) to access the network. Software records your logins, and your private info is now for sale on the dark web.
- Phishing: There are two types of phishing attacks.
  - Tab Nabbing refers to clicking a link in a fake email that looks legit, such as an email that looks like it came from a bank. If you click on the link, you’re directed to a website which looks like the bank’s real website. If you receive an email that you feel as though you should respond to (notifying you of a bogus charge, for example), call your local branch. Don’t click on the link.
  - Key Logging happens if you click the attachment on a hacker’s legitimate-looking email. Malware will be installed in your browser and record everything you type, including username/password. A few years ago, bogus ecards became popular attachments for the malicious script.
Creating Strong Passwords
There are two easy ways to create strong passwords.
- Develop a System: Come up with a complicated mix of letters and numbers you’ll be able to remember, such as gfp0913 (your father’s initials plus your anniversary). Then add four letters from the website’s name, such as the first and last two letters. Amazon would be amon, giving you a unique Amazon password of gfp0913amon.
- Use a Password Generator: These 13 password generators will supply you with countless powerful passwords.
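Both methods above as a runnable Python sketch, added here as an example and not part of the original article. It builds the gfp0913amon password from the "system" rule, generates a random password, and compares how well each resists guessing; the function names, the 12-character floor and the bits estimate are assumptions of this example.

```python
import math
import secrets
import string

# Worst passwords the article quotes from the SplashData list.
WORST = {"123456", "password", "12345678"}
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)
MIN_LENGTH = 12  # assumed floor for generated passwords, not from the article


def site_suffix(site):
    """First two and last two letters of the site name (Amazon -> amon)."""
    letters = [c for c in site.lower() if c.isalpha()]
    if len(letters) < 4:
        raise ValueError("site name needs at least four letters")
    return "".join(letters[:2] + letters[-2:])


def system_password(base, site):
    """'Develop a System': memorable base plus the site suffix."""
    return base + site_suffix(site)


def generate_password(length=16):
    """'Use a Password Generator': draw from the OS CSPRNG via secrets."""
    if length < MIN_LENGTH:
        raise ValueError(f"use at least {MIN_LENGTH} characters")
    alphabet = "".join(CLASSES)
    while True:  # redraw until every character class is present
        pw = "".join(secrets.choice(alphabet) for _ in range(length))
        if all(any(c in cls for c in pw) for cls in CLASSES):
            return pw


def guess_resistance_bits(password):
    """Upper bound on brute-force work, in bits: length * log2(pool size).

    Listed worst passwords score 0 because guessing tools try them first.
    Patterned passwords are weaker than this bound suggests.
    """
    if password.lower() in WORST:
        return 0.0
    pool = sum(len(cls) for cls in CLASSES if any(c in cls for c in password))
    return len(password) * math.log2(pool) if pool else 0.0


if __name__ == "__main__":
    for pw in ("123456", system_password("gfp0913", "Amazon"), generate_password()):
        print(f"{pw!r}: {guess_resistance_bits(pw):.1f} bits")
```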
Remembering all your passwords isn’t easy. If you use very strong passwords, it’s just about impossible. There are two schools of thought on securing all your usernames/passwords.
- Low-Tech: Some people write down all of their passwords in a notebook. While this method has the advantage of not being connected to the internet, it’s vulnerable to being lost or stolen.
- Password Managers: There are many excellent password managers that remember and store your password info. Also, your browser and possibly your antivirus program have built-in password managers.
Securing WordPress Websites
The vast number of WordPress sites and the fact that WordPress is open source have led to reports that it is especially susceptible to hacking. While it’s true that some hackers “specialize” in WordPress, too many sites are left vulnerable by their owners. Here are some simple tips on securing your WordPress site.
We hope these password tips and resources will be helpful. When the BXP team designs a WordPress or other website, security is always a primary concern. We’ll work as hard at protecting your website as we did when we built ours.