8 Best Practices for Password Security


If you’re in any way vigilant about online security, you undoubtedly have a different, complicated password for every protected online resource that you use. Also, because you’re vigilant, you might sometimes have trouble remembering passwords. But weak passwords won’t stand up to attackers.

Passwords are a pain, but strong passwords are also a necessary means of defense against hackers who won’t stop at anything to gain access to your accounts.

It’s worth the time and effort to keep hackers off-balance with smart, strong passwords that (hopefully) you can still remember. Hackers excel at exploiting weaknesses, and they have the time and the tools to keep hacking away.

What is the Most Common Password?

The most common password in 2019 (which did not change from 2018) was 123456. Other common passwords included 123456789 and qwerty.

Anyone using any of these passwords is just begging to be hacked.

Hackers are everywhere, and they are constantly looking for your password vulnerabilities to attack.


What Password Mistakes Should You Avoid?

To protect your passwords, here are eight common password mistakes to avoid:

  1. Consecutive keyboard combinations, for example “zxcvb” or “qwerty”
  2. Trending slang phrases or words spelled backwards
  3. Your first name, family name, or the names of your spouse or kids
  4. Personal information, like your birthday or age
  5. Recycling old passwords; use each password only once
  6. Using the same password for every account you possess
  7. Letting anyone watch you enter your password
  8. Staying logged in when you leave your computer unattended or are on a public network

These are all helpful hints to keep you from being hacked, which can often lead to an even worse turn of events, like identity theft or data theft/loss.

What Ways Do Hackers Use to Hack or Gain Passwords?

Brute Force Attacks

In a brute force attack, hackers try to overpower your defenses by attempting username and password combinations with software that recombines English dictionary words with thousands of variations until one grants access to your website.

While WordPress is the most popular CMS, and therefore the most targeted for brute force attacks, other CMS platforms and login systems are also vulnerable to attack.

Avoid “Admin”

Avoid the default “admin” name for WordPress and other login systems. Hackers will always try using “admin.”

Also, don’t use common names or even your website name as the username. As tempting as it is to think a hacker won’t be able to spell your difficult last name, he/she can always cut and paste it from another source.

Social Engineering

Social engineering is a malicious tactic hackers use to manipulate their targets into divulging sensitive and confidential information. Social engineering can happen across many different platforms, including email, social media, and even the phone. Social engineering, when paired with spear phishing, can be extremely effective against unwary targets who are not on the lookout.

The entire point of social engineering attacks is to gain confidential information that could be used to gain access to systems, steal data, or steal your identity.

Unlimited Login Attempts

Website logins can be set to allow either unlimited or a fixed number of login attempts. It never hurts to limit the number of login attempts that can be made to access your site. Not only will this eliminate the threat of brute force attacks, but it also keeps hackers from accessing your site by manually entering passwords obtained through social engineering.

If you are using WordPress, you can download a plugin to do this for you, or even allow or deny access from specific IP addresses. This way, you can be sure legitimate users can access your site while malicious hackers cannot.
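The login-attempt limit described above, written out as an added example (this is not any WordPress plugin’s code, and the usernames, IP addresses, passwords and timings below are constructed for the demo). Failures are counted per account and per source IP over a window; hitting the limit on either locks that key for a lockout period, and allow/deny lists are applied before any counting. Stored passwords are salted PBKDF2 hashes, and unknown usernames are verified against a dummy hash so the response time does not reveal which accounts exist.

```python
"""Login-attempt limiter with per-account and per-IP lockout plus IP allow/deny
lists. Added example for this post, not a WordPress plugin; every username, IP,
password and timestamp below is constructed."""
import hashlib
import hmac
import os
from collections import defaultdict, deque
from ipaddress import ip_address, ip_network

PBKDF2_ROUNDS = 100_000


def hash_password(password, salt=None):
    """Salted PBKDF2-HMAC-SHA256; returns (salt, digest) for storage."""
    salt = salt or os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)


def verify_password(password, salt, digest):
    """Constant-time comparison so timing does not leak how close a guess was."""
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return hmac.compare_digest(candidate, digest)


class LoginLimiter:
    def __init__(self, max_failures=5, window=900, lockout=900, allow=(), deny=()):
        self.max_failures = max_failures
        self.window = window      # seconds over which failures are counted
        self.lockout = lockout    # seconds a key stays locked once the limit is hit
        self.allow = [ip_network(n) for n in allow]
        self.deny = [ip_network(n) for n in deny]
        self._failures = defaultdict(deque)  # key -> timestamps of recent failures
        self._locked_until = {}              # key -> time the lock expires

    @staticmethod
    def _keys(username, ip):
        # Per account: stops guessing one user from many IPs.
        # Per IP: stops one source spraying guesses at many users.
        return (("user", username.lower()), ("ip", ip))

    @staticmethod
    def _in(ip, networks):
        return any(ip_address(ip) in n for n in networks)

    def check(self, username, ip, now):
        """Decide before the password is verified; returns (allowed, reason)."""
        if self._in(ip, self.deny):
            return False, "ip denylisted"
        if self._in(ip, self.allow):
            return True, "ip allowlisted"
        for key in self._keys(username, ip):
            if self._locked_until.get(key, 0) > now:
                return False, f"{key[0]} locked out"
        return True, "ok"

    def record_failure(self, username, ip, now):
        for key in self._keys(username, ip):
            recent = self._failures[key]
            recent.append(now)
            while recent and now - recent[0] > self.window:
                recent.popleft()
            if len(recent) >= self.max_failures:
                self._locked_until[key] = now + self.lockout
                recent.clear()

    def record_success(self, username, now):
        self._failures.pop(("user", username.lower()), None)


# Constructed credential store; real systems persist these salted hashes.
CREDENTIALS = {"alice": hash_password("Puppy 41rpl4n3 34ting B4n4n4")}
DUMMY = hash_password("placeholder-so-unknown-users-cost-the-same")


def simulate(attempts, limiter, credentials):
    """attempts: iterable of (time, username, ip, password). Returns one outcome per attempt."""
    results = []
    for now, user, ip, password in attempts:
        allowed, reason = limiter.check(user, ip, now)
        if not allowed:
            results.append(f"blocked: {reason}")
            continue
        known = user.lower() in credentials
        salt, digest = credentials.get(user.lower(), DUMMY)
        if verify_password(password, salt, digest) and known:
            limiter.record_success(user, now)
            results.append("success")
        else:
            limiter.record_failure(user, ip, now)
            results.append("failed")
    return results


def demo():
    limiter = LoginLimiter(max_failures=5, window=900, lockout=900,
                           allow=["192.0.2.0/24"], deny=["198.18.0.0/15"])
    attempts = [  # constructed sequence of login attempts (time in seconds)
        (0, "admin", "203.0.113.5", "123456"),
        (1, "admin", "203.0.113.5", "123456789"),
        (2, "admin", "203.0.113.5", "qwerty"),
        (3, "admin", "203.0.113.5", "password"),
        (4, "admin", "203.0.113.5", "admin"),                             # 5th failure: locks "admin" and the IP
        (5, "alice", "203.0.113.5", "puppy"),                             # same IP, other user: blocked
        (6, "admin", "203.0.113.6", "letmein"),                           # new IP, same user: still blocked
        (7, "alice", "198.51.100.7", "Puppy 41rpl4n3 34ting B4n4n4"),     # legitimate user unaffected
        (8, "alice", "198.18.4.4", "Puppy 41rpl4n3 34ting B4n4n4"),       # right password, denylisted network
        (9, "alice", "192.0.2.9", "wrong"),                               # allowlisted office range: fails, never locked
        (905, "admin", "203.0.113.5", "hunter2"),                         # lockout expired: may try again, fails
    ]
    return simulate(attempts, limiter, CREDENTIALS)


if __name__ == "__main__":
    for outcome in demo():
        print(outcome)
```

Two caveats a practitioner would add: a pure per-account lockout lets anyone lock a user out of their own account by deliberately failing, so pairing it with a per-IP limit and a short lockout window (rather than a permanent lock) matters; and attackers spread guesses across many addresses, so the limiter blunts brute force but does not replace strong passwords and two-factor authentication.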

8 Best Practices for Password Security

Here are the top eight security best practices for passwords in 2020:

  1. Use different passwords for different accounts, so if one is compromised, the others are not.
  2. Use phrases with symbols, like a smiley face “:)” in place of the word “happy”, or the number “2” in place of the word “to”. Playing around with short codes and phrases like this makes your password harder to guess.
  3. Try using passphrases made of words that don’t normally go together instead of long random character strings that are easily forgotten. A passphrase like “puppy airplane eating banana” is easier to remember and harder to crack. Also, swap in non-alphabetic and uppercase characters to strengthen the passphrase. Using the same example, we could easily strengthen the password to “Puppy 41rpl4n3 34ting B4n4n4” by substituting numbers for letters.
  4. We recommend using at least twelve characters, mixing lowercase, uppercase, symbols, and numbers within your password. The longer, the better.
  5. Always check the strength of your password. Most sites provide a password analyzer that reports how strong or weak your password is. Pay attention to the analyzer and alter your password accordingly.
  6. Change your password every 90 days, at a minimum.
  7. Employ Two-Factor Authentication (2FA), also known as Multi-Factor Authentication. This uses a text-based or application-based authentication method to verify your identity prior to access.
  8. And lastly, invest in a password manager. Password managers use multiple forms of encryption to ensure that your passwords are even harder to crack, and allow you to only need to remember one password.
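A password analyzer of the kind item 5 recommends, written as an added example that applies both the list of mistakes above and these best practices: it flags the common passwords named in this post, keyboard sequences, embedded personal information (forwards or reversed), passwords under twelve characters, missing character types, and reuse of a previous password. This is not the checker any particular site runs; the common-password list, keyboard rows, personal details and sample passwords are constructed for the demo, and the fixed history salt is a stand-in for the per-user salt a site would already store.

```python
"""Password checker covering the mistakes and best practices listed in this post.
Added example; the word list, keyboard rows, sample inputs and the fixed demo
salt are all constructed."""
import hashlib
import hmac
import re
import string

COMMON_PASSWORDS = {"123456", "123456789", "qwerty", "password", "admin", "iloveyou"}
KEYBOARD_ROWS = ("qwertyuiop", "asdfghjkl", "zxcvbnm", "1234567890")
MIN_LENGTH = 12
SEQ_LEN = 4  # shortest run of adjacent keys worth flagging


def keyboard_sequences(password):
    """Runs of SEQ_LEN adjacent keyboard keys, forwards or backwards (e.g. 'qwer', 'rewq')."""
    lower = password.lower()
    found = set()
    for row in KEYBOARD_ROWS:
        for pattern in (row, row[::-1]):
            for i in range(len(pattern) - SEQ_LEN + 1):
                chunk = pattern[i:i + SEQ_LEN]
                if chunk in lower:
                    found.add(chunk)
    return found


def personal_info_hits(password, personal_info):
    """Names, birthdays, site name etc. embedded in the password, also spelled backwards."""
    lower = password.lower()
    hits = []
    for item in personal_info:
        token = re.sub(r"\W", "", str(item).lower())  # '1987-04-12' -> '19870412'
        if len(token) >= 3 and (token in lower or token[::-1] in lower):
            hits.append(item)
    return hits


def missing_classes(password):
    """Character types the password lacks; a space counts as a symbol so passphrases qualify."""
    classes = {
        "lowercase": string.ascii_lowercase,
        "uppercase": string.ascii_uppercase,
        "digits": string.digits,
        "symbols": string.punctuation + " ",
    }
    return [name for name, chars in classes.items() if not any(c in chars for c in password)]


def history_digest(password, salt):
    """Fingerprint for reuse checks; a site would compare against the salted hashes it already stores."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def check_password(password, personal_info=(), previous=(), salt=b"constructed-demo-salt"):
    """Return the list of problems found; an empty list means every rule here passed."""
    problems = []
    if password.lower() in COMMON_PASSWORDS:
        problems.append("on the common-password list")
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    seqs = keyboard_sequences(password)
    if seqs:
        problems.append("contains keyboard sequence: " + ", ".join(sorted(seqs)))
    hits = personal_info_hits(password, personal_info)
    if hits:
        problems.append("contains personal information: " + ", ".join(map(str, hits)))
    missing = missing_classes(password)
    if missing:
        problems.append("missing character types: " + ", ".join(missing))
    digest = history_digest(password, salt)
    if any(hmac.compare_digest(digest, old) for old in previous):
        problems.append("reused from password history")
    return problems


def demo():
    # Constructed user details and password history for the demo.
    info = ["Alice", "Smith", "1987-04-12", "example.com"]
    previous = [history_digest("Puppy 41rpl4n3 34ting B4n4n4", b"constructed-demo-salt")]
    candidates = [
        "qwerty",
        "AliceSmith1987",
        "puppy airplane eating banana",
        "Puppy 41rpl4n3 34ting B4n4n4",
        "Coffee !Cactus Vinyl 77",
    ]
    return {pw: check_password(pw, info, previous) for pw in candidates}


if __name__ == "__main__":
    for pw, problems in demo().items():
        print(f"{pw!r}: {problems or 'ok'}")
```

The common-password list here is a six-entry stand-in; a real deployment checks against a large breached-password corpus instead, and the keyboard-row and personal-information rules are what turn “qwerty” and “AliceSmith1987” into rejections even when a pure length rule would pass them.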

Take Password Security Seriously

The above password best practices will help you further secure your site. Granted, thorough password protection isn’t a quick task, but it’s worth the time and effort to keep hackers off their game while safeguarding your site and customer data from theft.
