Quick quiz: What are the most popular passwords for online accounts?
If you guessed no-brainers like “1234” and “password,” congratulations!
You may be…
C. A fellow security nerd (hi there!)
Either way, you will also be — unfortunately — 100% correct. 🤦♀️
In fact, “123456” and “password” were the two most popular passwords in 2019.[1]
Now you may be asking…
But Elliot, why are those simple passwords a problem?
Seriously, what’s the harm in using simple passwords?
When a malicious user targets your website (or, more likely, your site is one of many swept up by a wide net), they need just two things to access your content:
Username + Password
That’s right — your password is 50% of the equation.
If your password is simple and easy to guess, an attacker is already halfway into your site.
And that matters. A lot.
A compromised WordPress website can cost you thousands of dollars and many lost hours to restore.
Plus, website hacks cost you customer trust, scare off potential clients/donors, and open you to serious security issues that can haunt you for months or even years into the future.
That's time and money that you could be spending building your business, expanding your customer base, and boosting your sales.
One of the easiest ways that malicious users gain access to a website is through weak passwords. That means you can dramatically boost your WordPress website security by improving your password.
(Oh, and this applies to way more than just your websites. Using secure passwords is important across the entire web, from your website to social media to email accounts — the list goes on!)
Here are 4 ways you can improve your passwords and be safer online:
1. Create complex passwords
Passwords that are just a single word are easy to crack, especially when it’s something simple like “admin” or “password.”
Pretty obvious, right?
Despite the duh factor, many people use common passwords that are easy to guess. They may hear about other accounts being hacked online, but they think it just won’t happen to them.
Don’t do that.
Please, do me this favor.
Don’t be one of the many people using a simple password.
Create long passwords that combine letters (not words), numbers, and even symbols
There are different methods to generate secure passwords, such as memorizing a phrase and using only the first letter of each word.
For example, “My dog is named Sallie and she is 4 years old” could become the password “MdinSasi4yo.”
Which is…not the most memorable, I admit.
If that approach seems overly complicated, don’t despair!
Rather than wasting mental energy trying to come up with phrases for passwords, let tech do the heavy lifting. I suggest using a free tool such as this one to generate secure, random passwords combining letters and numbers.
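To show what a password generator does under the hood, here is an added example in PHP (WordPress's own language); it is not the linked tool's code, and the function names, symbol set and 16-character default are assumptions. It draws every character from PHP's cryptographically secure `random_int()` and compares the result's strength with the 11-character mnemonic above.

```php
<?php
// Added example: not the linked tool's code. Names, symbol set and default length are assumptions.

/** Build a random password with PHP's CSPRNG (random_int), one character at a time. */
function example_generate_password(int $length = 16): string
{
    $sets = [
        'abcdefghijklmnopqrstuvwxyz',
        'ABCDEFGHIJKLMNOPQRSTUVWXYZ',
        '0123456789',
        '!@#$%^&*',
    ];
    if ($length < count($sets)) {
        throw new InvalidArgumentException('length must be at least ' . count($sets));
    }
    $alphabet = implode('', $sets);
    do {
        $password = '';
        for ($i = 0; $i < $length; $i++) {
            $password .= $alphabet[random_int(0, strlen($alphabet) - 1)];
        }
        // Retry instead of patching characters in, so no position is predictable.
        $hasAll = true;
        foreach ($sets as $set) {
            if (strpbrk($password, $set) === false) {
                $hasAll = false;
            }
        }
    } while (!$hasAll);
    return $password;
}

/** Upper bound on strength, in bits, for a password of this length and alphabet size. */
function example_entropy_bits(int $length, int $alphabetSize): float
{
    return $length * log($alphabetSize, 2);
}

echo example_generate_password(), PHP_EOL;
printf("16 random characters from 70 symbols: about %.0f bits\n", example_entropy_bits(16, 70));
// "MdinSasi4yo" is not random, so its real strength is below this bound.
printf("11 characters from 62 symbols: at most about %.0f bits\n", example_entropy_bits(11, 62));
```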
2. Use a unique password for each site
So you’ve followed step #1 and now have a secure login password for your website. You may be patting yourself on the back, but hold on just a minute…
Are you making the mistake of reusing that same password on multiple websites?
Your website login password should never be the same as your Facebook password.
Or your email password.
Or your banking password.
Or any other password at all.
Why is it a terrible idea to reuse passwords?
When you use the same password for multiple logins, you compromise your security for all those logins. If your website password is the same as your password for Facebook and/or Gmail, cracking one password will actually provide access to many of your accounts.
This vulnerability is especially important now that many of us use email to verify our accounts. If your email account is compromised, intruders can quickly see all your financial websites and social media profiles.
They’re just one “reset my password” link away from accessing your data.
The fix? Use unique passwords for each login.
3. Securely store passwords
Of course, it’s not intuitive for most people to remember a password like “sT3EkN4!Q7diX4M8” or “7dy60!^7LmW@vDEP”.
It’s even harder when you have unique passwords for each website.
You could have dozens or even hundreds of such passwords to record.
(And I hope you’re not considering the ol’ sticky note solution. You’ll be reverting to “admin” and/or pulling your hair out before the end of the week…trust me.)
Rather than trying to memorize or record each password manually, I recommend storing them in a manager like LastPass.
The manager will install as a plugin in your browser, so all you have to remember is one master password to open your LastPass account.
Once you’re logged into LastPass, the plugin will automatically record new passwords and generate suggestions as you open new accounts.
Other password managers are readily available online, including both free and paid options. I suggest starting with a free LastPass account. You can always upgrade once you test their service and/or want more functionality.
(Full disclosure: I’m a LastPass Affiliate, which means I’ll get a small commission if you sign up for a paid plan with one of my links. That said, I never recommend products or services unless I trust them myself and would recommend them to my family!)
4. Force strong passwords on your WordPress website
This tip is a special option for WordPress website owners. Did you know that you can force users on your website to create strong passwords?
Why would you want to force strong passwords on your WordPress website? Well, think of the old proverb “A chain is only as strong as its weakest link.”
That saying applies to websites, too. Even if you follow the tips above, your website is only as safe as your least secure user.
I repeat: your website is only as safe as your least secure user.
Can you guarantee that every single user on your website will always use a strong password?
…I didn’t think so.
You may be following all the right tips — using a strong password that combines letters, numbers, and even symbols! — but another user could be putting you at risk.
If even one user is recycling the same insecure “1234password” login for your website that they use for Instagram and Outlook, your WordPress site is at risk.
Rather than leaving password strength up to chance, you can force your WordPress users to create strong passwords through plugins such as Force Strong Password.
This plugin forces users to create a secure password. Yes, they could still be reusing that strong password on other sites, but it’s an important step in the right direction.
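For readers curious how this kind of enforcement works, here is an added example of a password check wired into WordPress's `user_profile_update_errors` hook. It is not the Force Strong Password plugin's code; the function name, the 12-character minimum, the three-class rule and the short denylist (built from the weak passwords mentioned in this article) are assumptions.

```php
<?php
// Added example: not the plugin's code. Function name, thresholds and denylist are assumptions.

/** Return the reasons a password is too weak (an empty array means it is accepted). */
function example_weak_password_reasons(string $password, string $username = ''): array
{
    // Constructed denylist: the weak passwords this article mentions.
    $denylist = ['123456', '1234', 'password', 'admin', '1234password'];
    $reasons  = [];
    $lower    = strtolower($password);

    if (strlen($password) < 12) {
        $reasons[] = 'shorter than 12 characters';
    }
    if (in_array($lower, $denylist, true)) {
        $reasons[] = 'on the common-password list';
    }
    if ($username !== '' && strpos($lower, strtolower($username)) !== false) {
        $reasons[] = 'contains the username';
    }
    // Count how many character classes appear (each preg_match yields 1 or 0).
    $classes = preg_match('/[a-z]/', $password) + preg_match('/[A-Z]/', $password)
             + preg_match('/[0-9]/', $password) + preg_match('/[^a-zA-Z0-9]/', $password);
    if ($classes < 3) {
        $reasons[] = 'uses fewer than 3 of: lowercase, uppercase, digits, symbols';
    }
    return $reasons;
}

if (function_exists('add_action')) {
    // Inside WordPress: reject weak passwords when a user is created or a profile is saved.
    add_action('user_profile_update_errors', function ($errors, $update, $user) {
        if (empty($user->user_pass)) {
            return; // the password is not being changed
        }
        foreach (example_weak_password_reasons($user->user_pass, $user->user_login ?? '') as $reason) {
            $errors->add('weak_password', 'Password rejected: ' . esc_html($reason));
        }
    }, 10, 3);
} else {
    // Outside WordPress (php example.php): run the check on passwords quoted in this article.
    foreach (['1234password', 'MdinSasi4yo', 'sT3EkN4!Q7diX4M8'] as $sample) {
        $why = example_weak_password_reasons($sample);
        echo $sample, ' => ', $why ? implode('; ', $why) : 'accepted', PHP_EOL;
    }
}
```

This covers the profile and new-user screens only; the password-reset form goes through a separate hook, `validate_password_reset`, which needs the same check.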
And there you have it — 4 ways to boost your password safety! With these tips, you’ll be well on your way to better WordPress security and a safer online existence.
Now it’s your turn…what questions do you have about WordPress websites and security?
I’d love to know your questions and thoughts. Let me know in the comments below!