Did you celebrate World Password Day last month? What, you mean you didn’t know that there was one? May 13 is considered World Password Day and it’s a chance for you to review your passwords and see if there is a way to increase your security for your WordPress sites.
Don’t think you need to increase your security? Take this test and let’s see where you are.
- Have you used the password again someplace else, for a separate account?
- Are you using “admin” as your WordPress username?
- Is your password a dictionary word?
- Have you shared your password with anyone else?
- Does your password have fewer than 12 characters?
- Does your password include numbers, symbols and both upper & lower case letters?
- Are you using two-factor authentication for your WordPress login?
If you answered yes to any of questions 1 through 5 and/or no to questions 6 and 7, then it’s time to change your password and increase the security of your WordPress site.
Each year, internet security experts release a list of commonly used passwords. Here are a few examples.
123456, 987654321, 555555, 123456789, qwertyuiop, 3rjs1la7qe, qwerty, mynoob, google
Making your Password Stronger
These are just a few examples of passwords that people use on a daily basis. So how do you make a secure password? Some tips include the following.
- Include numbers, capitals, special characters (@, #, *, etc.)
- Be long (12 characters – minimum; 50 characters – ideal)
- Can include spaces and be a passphrase (Just don’t use the same password in multiple places)
- Changed every 90 days, or 3 months
Ok. I know, 50 characters might be a bit much but the longer it is, the more secure it is. The problem with long passwords is that they are hard to remember. One method you can use is to create a “passphrase”. Basically, take a phrase and make it into a password. Are you tied of COVID? Well a password would be something like Ih@t3C0vidaL0t!
You just have to remember where you put the capitals, numbers and characters. Exchange numbers or characters for letters that look the same. For example, use a 3 in place of an e and the @ symbol for an A.
Another option is to use a Password card. This is a card that can be generated using random letters and numbers along with symbols. An example would look like this.
If you know where to start and how many characters and which direction to go, you can keep this card on you at all times and have a random password. You can generate your own at https://www.passwordcard.org/en
You can also just generate random characters yourself by banging on a keyboard, but that would really be hard to remember. Well, unless you used a password tool like Lastpass. Lastpass will remember your passwords for you and can even generate random passwords for you to use. You can install it on your computer as well as your mobile devices and anytime you go to a site where Lastpass has saved your password, it will fill in the information for you. Of course, you will want to remember a strong password for that application.
Checking your password
So, you think your password is secure enough? Well, Lastpass has a check tool for you. Go to https://lastpass.com/howsecure.php and see how strong your current password is. It will also give you tips on how to make it stronger if needed. Also, has your password been compromised from other systems? You can go to HaveIbeenPawned, enter your password and it will tell you if it shows up in any of the known passwords that have been compromised from other websites.
Another tip to make sure your password is as strong as it needs to be include, don’t reuse passwords on different websites. If a site gets hacked, then your password for other sites can be compromised as well.
Now, your password is secure, but what about others that log into your WordPress site? Using a good security plugin like Wordfence or ithemes security includes a section to tell you how strong a user’s passwords is.
You can also force two-factor authentication. This means that after the user logs in, they are required to enter a second random code to get into the site. You can use an app on your phone like Google Authenticator. This will generate a new random number every 30 seconds and you have to enter that code before the 30 seconds is up. You can also have the site text you a code to enter.
If you need help in securing your site, sign up today for our Free Site Audit and we will audit your site for your security and maintenance and send you a report detailing what we find. So, belated Happy World Password Day. Go check your passwords and change them if needed.