How to create a secure password
Article Number: 1053 | Last Updated: Tue, Jun 20, 2017 at 10:46 AM
The secure password
A vast majority of security breaches involve compromised passwords. Skilled hackers use software specifically written to crack them. While it is impossible to eradicate the threat posed by hackers, a strong password makes it drastically more difficult to hack your website.
A strong, secure password consists of three elements: secrecy, uniqueness, and complexity. The goal is not to "hack-proof" your site, but to multiply the skill and computing power necessary to hack your password.
Many users only dabble in the security measures outlined below, paying them lip service until a hacker teaches them a brutal lesson by stealing their data, identity, or livelihood. Do not be one of them. If you ever suspect someone has hacked your site, contact the Nexcess Support Team immediately.
Keeping your password secret sounds obvious, and yet a surprising number of security compromises occur when users either voluntarily or involuntarily share their password with a third party. No reputable service provider in any industry will ask users for their passwords in emails, bulletin boards, or other forms of communication. Do not surrender your password to anyone, for any reason.
Some companies will also adopt a policy of requiring their employees to change their passwords monthly. In theory, this augments protection. In practice, however, it depletes it when employees choose simple passwords or write them down to make the frequent changes easier to remember. Frequent password changes can be wise, provided you consistently choose strong passwords and store them only in your head. Do not recycle old passwords or you will lose the advantage of changing them in the first place.
Finally, if you ever suspect a security leak of any kind, immediately change your passwords.
Involuntary sharing typically occurs when a hacker learns one of your passwords on a less secure site and then uses that same password to access more secure sites. Hackers count on people using one favorite password and perhaps a handful of variants for all or most of their favorite sites. They unleash their software on your favorite eCommerce site or online help forum, and then use the cracked password to access your most sensitive information on sites such as those owned by banks and government agencies.
The simplest and most effective countermeasure is to generate a unique password for each and every application, website, and device in use. If this sounds like a bookkeeping nightmare, weigh it against the potential cost of a hacker gaining full administrative access to your website and use a password manager to relieve yourself of the burden of tracking your unique passwords. At the very least, Nexcess urges you to keep each administrative password unique. Once you generate the password, do not repeat that password anywhere else.
Nearly all hacks involve cracking a weak password, and if hackers cannot guess your password, then they may try a brute-force attack. A surprising number of users rely on default passwords such as "admin," "password1" or some form of their birthday. These passwords and ones like them are the first ones hackers will guess.
Complicated passwords usually require a brute-force attack or password-cracking software that makes hundreds of millions of random guesses per second. The time it takes to crack a password involves many variables, but the three most significant are:
Of these three, you can control one: password complexity. The hardest passwords to crack string together unrelated words and sequences of numbers. For example:
Information relating to your family members, birthdays, and so on, is easy to find for even non-hackers. Never use common and ill-advised choices like:
Password managers and two-factor authentication
If maintaining unique, complex passwords for all of your applications sounds difficult, use a password-management application like LastPass, Dashlane, or 1Password to safely catalog and encrypt your unique passwords in the Cloud under one unique master password. They also offer two-factor authentication, and we strongly recommend this additional security measure. In the event a hacker successfully compromises your password, the hacker still cannot gain access without the second form of authentication. This second form may require a thumb-drive, a fingerprint scanner, or a mobile device.
If you are using Magento, consider using Sentry Two-Factor Authentication, a free open source extension for the popular eCommerce platform.
Nexcess Secure Password Generator
If you want help generating a secure password, then consider using the Nexcess Secure Password Generator. This generator instantly creates a random password built to your specifications. It generates two types of passwords: traditional and multi-word. Refer to How to generate a secure password for instructions regarding its use.
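The two password types described above, and the effect of complexity on brute-force time, as an added example that is not the Nexcess generator's own code. The function names, the 16-word SAMPLE_WORDS list (constructed here and far too small for real use) and the guess rate passed to average_crack_seconds are assumptions made for illustration.

```python
import math
import secrets
import string

# Constructed sample word list for illustration only; a real generator
# should draw from a list of several thousand words.
SAMPLE_WORDS = [
    "anchor", "biscuit", "cactus", "dolphin", "ember", "falcon", "glacier",
    "harbor", "island", "jigsaw", "kettle", "lantern", "meadow", "nickel",
    "orchid", "pepper",
]

# 94 printable ASCII characters: letters, digits and punctuation.
ALPHABET = string.ascii_letters + string.digits + string.punctuation


def traditional_password(length=16, alphabet=ALPHABET):
    """Random-character password drawn from the operating system's CSPRNG."""
    return "".join(secrets.choice(alphabet) for _ in range(length))


def multi_word_password(words=SAMPLE_WORDS, count=4, digits=4, sep="-"):
    """Unrelated random words followed by a random sequence of digits."""
    chosen = [secrets.choice(words) for _ in range(count)]
    number = "".join(secrets.choice(string.digits) for _ in range(digits))
    return sep.join(chosen + [number])


def traditional_bits(length, alphabet_size):
    """Entropy in bits: log2 of the number of equally likely passwords."""
    return length * math.log2(alphabet_size)


def multi_word_bits(list_size, count, digits):
    """Entropy of `count` words from a list plus `digits` random digits."""
    return count * math.log2(list_size) + digits * math.log2(10)


def average_crack_seconds(bits, guesses_per_second):
    """Expected brute-force time: half the search space at the given rate."""
    return 2 ** bits / 2 / guesses_per_second


if __name__ == "__main__":
    print(traditional_password(), round(traditional_bits(16, len(ALPHABET)), 1))
    print(multi_word_password(), round(multi_word_bits(len(SAMPLE_WORDS), 4, 4), 1))
```

Each added bit of entropy doubles the expected brute-force time, which is why the multi-word form depends on a large word list: the 16-word sample list here gives about 29 bits, while the same four words drawn from a 7,776-word list give about 65.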