This is an appeal about passwords – an appeal that you always use strong passwords.
As everyone knows, there is a lot of attempted fraud on the internet and there are people who would like to use your userid and password to access the services you use. Why do they do this? It may be that they can get financial information, e.g. credit card details, which they can take advantage of or, they may just want to use your email address to send SPAM messages to others. The first of these can obviously lead to your finances being compromised (usually quantifiable) and the second results in reputational damage, both personal and affecting your business (unquantifiable). Neither of these outcomes are, in any way, desirable.
In addition, if you have a website that you can update yourself, like WordPress, then if your userid and password can be guessed, others can access your server and utilise that machine for other criminal activities such as bombarding other sites with random requests as a means to cause another company’s site to collapse. The reason people do this is to extort money from the website owner in return for stopping the barrage of spurious requests. The effect of this activity on your site (i.e. the one sending the requests) may not be that obvious but the speed with which your pages load will decline, causing user frustration, and the search engines are likely to discover this activity on your server and may, therefore, ban your site from their listings.
To protect ourselves and our businesses I believe we have a duty to use strong passwords that are difficult to guess or break.
There's more information in general about protecting your site from hackers in the post How to protect your website against hackers.
Top 10 Passwords
Even in these times of greater awareness of computer crime, many people do not take much care about passwords. This was revealed in a report from SplashData who published a list of the top passwords used on the internet which they obtained from lists of stolen passwords published in 2013. Here’s the top 10:
As you can see, all of them can be easily guessed – simple for humans and even simpler for the computer programs that are written to automatically try to break into password protected accounts. If you are using any of these passwords for any service you access, please change them now.
Before I make some suggestions about how to create a good strong password, you could be thinking that you need to make passwords easy to remember otherwise you’ll forget them. This is not true if you use a password manager. If you’re not familiar with this type of software then its job is to remember the passwords you use on all the different sites you access so you don’t have to. All you need to remember is the password to the password manager – that’s it. The individual passwords are then securely stored and automatically entered into the right passwords fields when you need to log in. Have a look at LastPass , 1Password and Dashlane. They are all free (with premium versions too) and they all get good reviews. Personally, I use LastPass and find it works well. For me, this is the solution to having good, strong, secure passwords as you don’t actually have to remember them or write them down anywhere - you just need the single master password to your password manager.
Good, Strong Passwords
When I am creating a password, these are the elements I want to include:
- At least 8 characters
- Some numbers
- Some lowercase letters
- Some uppercase letters
- Include some special characters (*, <, >, %, ?, !, #, £, $)
Avoid using common words and substituting zeroes for letter o and 1 for the letter l, e.g. L1verp001. That’s still too easy for hackers to break. The SplashData web page I referred to above makes some other suggestions about passwords which I personally don’t use but you may want to have a look at that too.
LastPass offers a security health check on passwords and can scan for all sorts of vulnerabilities suggesting actions that can be taken to improve your protection. I imagine other tools do something similar.
Online security is important for you personally as well as for your business. We can never be 100% secure but, based on that list of most common passwords, there is a lot many of us can do to improve matters. Let’s take proper responsibility for our online security and take the time to create robust passwords. Can you think of any reasons not to do that?