Best Practices: Creating a Secure Password
Overview
Protecting your passwords and logins is critical to keep malicious parties from obtaining your information and compromising your site. Using security best practices will keep you from being compromised by malicious users and programs. One of the best ways to secure your computer, website, and credentials is to start with a secure password.
Best Practices
Your secure passwords should be built around two essential rules:
Password Length
You must create passwords that are a minimum of 12 characters in length. Each additional character exponentially increases the time it takes a hacker to crack the password.
Password Complexity
Every password you create must contain a mix of the following character types:
- Lower and Upper Case Letters: Mix and match lower case and upper case letters.
- Numbers: Use numbers to separate your letters and strings of letters.
- Special Characters: Include characters like #, %, &, and *. Use a few of these in each password.
PurPle.Whale.Coffee.Rain). This method meets the length requirement (usually 18+ characters), is easy for you to remember, and is extremely difficult for a hacker’s software to guess.
Examples of What to Avoid
To create a strong password, you must avoid using easily guessable information or common patterns:
- Do not use the names of family members, friends, or pets.
- Avoid using dictionary or real words, even with a number or symbol added to the front or back.
- Avoid sequential patterns (instead of 12345, use a random sequence like 53241).
- Never include any part of your username, date of birth, or phone number.
- Do not substitute letters with numbers (like using 0 for o).
- Never leave a password entry empty.
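The length, complexity, and avoidance rules above can be enforced by a signup or password-change form. The checker below is an added example, not code from the original article; the names `check_password` and `has_sequence`, the four-character window for sequences and personal data, and the small word list are assumptions made for illustration.

```python
import string

MIN_LENGTH = 12                               # minimum stated in the article
LEET = str.maketrans("013457@$", "oleastas")  # common number/symbol-for-letter swaps
# Constructed sample list; a real deployment would load a large common-password list.
COMMON_WORDS = {"password", "welcome", "letmein", "administrator", "qwerty"}

def has_sequence(pw, run=4):
    """True if pw holds `run` consecutive ascending or descending letters/digits."""
    s = pw.lower()
    for i in range(len(s) - run + 1):
        chunk = s[i:i + run]
        steps = {ord(b) - ord(a) for a, b in zip(chunk, chunk[1:])}
        if chunk.isalnum() and steps in ({1}, {-1}):
            return True
    return False

def check_password(pw, personal=()):
    """Return the list of article rules that `pw` violates (empty list = passes)."""
    problems = []
    if len(pw) < MIN_LENGTH:                  # also rejects an empty password
        problems.append("shorter than 12 characters")
    classes = (string.ascii_lowercase, string.ascii_uppercase,
               string.digits, string.punctuation)
    if not all(any(c in cls for c in pw) for cls in classes):
        problems.append("missing a character type")
    if has_sequence(pw):
        problems.append("sequential pattern")
    low = pw.lower()
    for item in personal:                     # username, date of birth, phone number
        item = item.lower()
        # Any 4-character fragment of a personal item counts as "any part" of it.
        if item and any(item[i:i + 4] in low for i in range(max(1, len(item) - 3))):
            problems.append("contains personal information")
            break
    # Drop digits/symbols added to the front or back, then undo letter swaps.
    core = pw.strip(string.digits + string.punctuation).lower().translate(LEET)
    if core in COMMON_WORDS:
        problems.append("common word with substitutions or padding")
    return problems
```

A password such as `P@ssw0rd1234!` satisfies the length and character-type rules yet is still rejected, because it contains a sequential run and reduces to a common word once the padding and letter swaps are undone.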
Recommended Guidelines
Following these simple guidelines will help keep your workstation and websites more secure.
- Use a Unique Password Every Time: Create a unique password for every account. Never use the same password for multiple accounts, and avoid using incremental passwords (like password1, password2).
- Secure Your Credentials: Never write down passwords where they can be seen. Use a password manager (like LastPass, KeePass, or 1Password) to securely store your passwords instead of relying on sticky notes.
- Never Send Passwords Over Email: You should not share your password with anyone, but if you must send account credentials to another user, you must encrypt the email or use a dedicated secure method.
- Enable Master Password in Browser: If you use your browser’s “remember password” option, make sure you enable the master password feature. This prevents anyone who uses your computer from being able to see your stored passwords.
Next Steps
A strong password is essential, but it is not enough. You must also enable Two-Factor Authentication, or Multi-Factor Authentication (MFA), on any account that grants access to your server or billing, such as your my.liquidweb.com portal. These authentication methods require you to confirm your identity using a second device (like your phone). This protects you if an attacker ever steals your password, as they still cannot log in without your physical device.
Now that your password is secure, ensure you have a firewall or security application (like CSF/LFD or Imunify360) active on your server to automatically block hackers who repeatedly try to guess your login credentials.