Why Can’t My Password Be ‘Password’

They say a strong password is the first line of defense for any system. Actually, a strong password is the equivalent of not leaving your keys in your parked car. A strong password is the absolute minimum security measure you should take. That being said, what qualities make up a strong password?

Good length

Generally speaking, a long password is a strong password. How long? As long as the system will allow. Long passwords prevent people (or programs) from randomly guessing passwords. This is called a brute force attack. People are slow, but computers can make hundreds of guesses a minute. So the longer the password, the longer it takes to get in.

Why does it matter how long it takes? Because a good system will have other measures in place. One such measure is a login lockdown. Login lockdown locks out a particular source if a brute force attack is detected. If your password is too short, then the attacker might get in before they are locked out.

Not easy to guess

Seems redundant, but a good password isn’t easy to guess. By that I mean, it’s not a simple word. It doesn’t routinely make a list of Top 100 Passwords. A strong password isn’t a word you would find in the dictionary. A strong password isn’t a word at all.

A strong password is a combination of upper and lower case letters, numbers, and any special characters allowed by the system. This will limit Dictionary attacks. A Dictionary attack is a type of brute force attack that uses a list of words to try.

Not connected to you

People like to use passwords that are easy to remember. This is a good policy in general. But most people pick something easy for others to guess. If you pick your birthday, relative/pet names or birthdays, favorite song/artist, you are making it too easy for hackers.

All these things are easy to find out. If the hacker knows you, then they have the inside scoop. But with social media, it’s easy to “know” someone you never met. Think about all the things you post on your various social media sites. There is a huge amount of information about you. Hackers are good at combing through this stuff and finding the gems.

So how do I make a strong password?

The easiest way to make a strong password is to start with a phrase. Two to three words that add up to about 15 characters. Some systems limit you to 10, so make the last word five characters. That way you can drop off the last word. And the phrase shouldn’t make sense. Three random words.

Now comes the tricky part. You want to replace some of the letters with numbers or special characters. Like @ for A and 3 for E. And you should capitalize some of the letters. What makes this tricky is making it easy to remember. You want a pattern that you can easily remember without writing it down. But it can’t be so easy that a hacker will guess it. Common letter substitutions like the ones I listed above are often written into Dictionary files.
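The checks from this article (length, not a dictionary word even after common substitutions, a mix of character types, nothing connected to you) can be sketched as a small policy check. This is an added example, not code from the original post; the word list is a constructed stand-in for a real common-password list, and every substitution beyond @ for A and 3 for E is an assumption.

```python
import re

# Constructed stand-in for a real common-password list (e.g. a "Top 100" list).
COMMON_WORDS = {"password", "letmein", "dragon", "monkey", "welcome", "qwerty"}

# Substitutions undone before the dictionary check. "@ for A" and "3 for E"
# are the article's examples; the rest are assumed common variants.
LEET = str.maketrans({"@": "a", "4": "a", "3": "e", "1": "i", "!": "i",
                      "0": "o", "$": "s", "5": "s", "7": "t"})
MIN_LENGTH = 15  # the article's target length


def normalize(text):
    """Lowercase and reverse common substitutions, as a dictionary file would."""
    return text.lower().translate(LEET)


def letters(text):
    """Keep only the letters a-z of an already normalized string."""
    return re.sub(r"[^a-z]", "", text)


def check_password(password, personal_facts=()):
    """Return the reasons a password is weak; an empty list means it passes."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("too short")

    # Test the password as typed and with trailing digits/symbols removed,
    # so "P@ssw0rd123!" is still recognised as "password".
    trimmed = re.sub(r"[^A-Za-z]+$", "", password)
    if {letters(normalize(password)), letters(normalize(trimmed))} & COMMON_WORDS:
        problems.append("dictionary word")

    classes = [r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]"]
    if not all(re.search(c, password) for c in classes):
        problems.append("missing character class")

    # Names, pets, birthdays: split each fact into tokens and look for them.
    normalized = normalize(password)
    for fact in personal_facts:
        tokens = [t for t in re.split(r"[^A-Za-z0-9]+", fact) if len(t) >= 3]
        if any(normalize(t) in normalized for t in tokens):
            problems.append("contains personal information")
            break
    return problems
```

Note that "P@ssw0rd123!" satisfies the character-mix rule and still fails, because undoing the substitutions leaves a word from the list.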

Learning about strong passwords is just one of many skills you should learn. WordPress is very popular, and that puts a big target on it for hackers. So learning some basic security principles and applying basic security software will go a long way to protect your WordPress website from these opportunistic hackers. Don’t let them monetize your WordPress website by stealing your traffic and data, and using your site as their marketing material.


P.S. While you should learn basic security principles, some things are better left to professionals. Let me and my 20+ years of experience maintain your blog. Just click here to sign up for our WordPress monthly maintenance program.
