
How to create a secure password

Overview
This article explains how to create and maintain a secure password.

The secure password

A vast majority of security breaches involve compromised passwords. Skilled hackers use software specifically written to crack them. While it is impossible to eradicate the threat posed by hackers, a strong password makes it drastically more difficult to hack your website.

A strong, secure password consists of three elements: secrecy, uniqueness, and complexity. The goal is not to "hack-proof" your site, but to multiply the skill and computing power necessary to hack your password.

Many users only dabble in the security measures outlined below, paying them lip-service until a hacker teaches them a brutal lesson by stealing their data, identity, or livelihood. Do not be one of them. If you ever suspect someone has hacked your site, contact the Nexcess Support Team immediately.

Secrecy

This sounds obvious and yet a surprising number of security compromises occur when users either voluntarily or involuntarily share their password with a third-party. No reputable service provider in any industry will ask users for their passwords in emails, bulletin boards, or other forms of communication. Do not surrender your password to anyone, for any reason.

Some companies also adopt a policy of requiring their employees to change their passwords monthly. In theory, this augments protection. In practice, however, it depletes it when employees choose simple passwords or write them down to make the frequent changes easier to remember. Frequent password changes can be wise, provided you consistently choose strong passwords and store them only in your head. Do not recycle old passwords, or you will lose the advantage of changing them in the first place.

Finally, if you ever suspect a security leak of any kind, immediately change your passwords.

Uniqueness

Involuntary sharing typically occurs when a hacker learns one of your passwords on a less secure site and then uses that same password to access more secure sites. Hackers count on people using one favorite password and perhaps a handful of variants for all or most of their favorite sites. They unleash their software on your favorite eCommerce site or online help forum, and then use the cracked password to access your most sensitive information on sites such as those owned by banks and government agencies.

The simplest and most effective countermeasure is to generate a unique password for each and every application, website, and device in use. If this sounds like a bookkeeping nightmare, weigh it against the potential cost of a hacker gaining full administrative access to your website and use a password manager to relieve yourself of the burden of tracking your unique passwords. At the very least, Nexcess urges you to keep each administrative password unique. Once you generate the password, do not repeat that password anywhere else.

Complexity

Nearly all hacks involve cracking a weak password, and if hackers cannot guess your password, then they may try a brute-force attack. A surprising number of users rely on default passwords such as "admin," "password1" or some form of their birthday. These passwords and ones like them are the first ones hackers will guess.

Complicated passwords usually require a brute-force attack or password-cracking software that makes hundreds of millions of random guesses per second. The time it takes to crack a password depends on many variables, but the three most significant are:

  • The speed of the hacker's connection

  • The speed of the hacker's computer

  • The complexity of the password

Of these three, you can control one: password complexity. The hardest passwords to crack string together unrelated words and sequences of numbers. For example:

  • always26keyboardpumpkin723

  • 22hazespaghetti641tulip132bathtub

Information relating to your family members, birthdays, and so on, is easy to find for even non-hackers. Never use common and ill-advised choices like:

  • Any names related to your partner, children, or pets

  • Your address, places of education, or favorite sports teams

  • Any birthdates relating to you or your family members

  • Any portion of your social security number

  • Any natural sequences of numbers like "1234" or "2468"
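The checks above can be enforced at registration or password-change time rather than left to user judgment. The following is an added example written for this article, not code from Nexcess or any product it mentions: a small Python validator that rejects the common defaults named in this section ("admin", "password1"), flags natural digit sequences such as "1234", "2468" or repeated digits, and looks for personal information from a constructed, hypothetical profile (name, pet, birthdate). The denylist and profile tokens are constructed sample data; a real deployment would load a large breached-password list and the actual account profile.

```python
import re

# Constructed denylist of default / trivially guessed passwords (illustrative only;
# a production system would load a large breached-password list instead).
COMMON_PASSWORDS = {"admin", "password", "password1", "123456", "qwerty", "letmein"}

# Constructed, hypothetical profile tokens for the account being checked: partner or
# pet names, a birth year and a full birthdate. Real systems pull these from the profile.
PERSONAL_TOKENS = {"alice", "rover", "1985", "05121985"}

MIN_LENGTH = 12          # assumption: policy minimum chosen for this example
SEQUENCE_RUN = 4         # a run of this many digits with constant step counts as "natural"


def has_natural_digit_sequence(pw, min_len=SEQUENCE_RUN):
    """True if pw contains min_len+ digits with a constant step: 1234, 2468, 9876, 7777."""
    pattern = re.compile(r"\d{%d,}" % min_len)
    for match in pattern.finditer(pw):
        digits = [int(c) for c in match.group()]
        # Slide a window over the run and test whether every step is identical.
        for i in range(len(digits) - min_len + 1):
            window = digits[i:i + min_len]
            steps = {window[j + 1] - window[j] for j in range(len(window) - 1)}
            if len(steps) == 1:
                return True
    return False


def weak_password_reasons(pw, personal_tokens=PERSONAL_TOKENS):
    """Return a list of reasons the password is weak; an empty list means it passed."""
    reasons = []
    lowered = pw.lower()
    # "Password1!" is still "password" once trailing digits/punctuation are stripped.
    core = re.sub(r"[^a-z]+$", "", lowered)

    if len(pw) < MIN_LENGTH:
        reasons.append("shorter than %d characters" % MIN_LENGTH)
    if lowered in COMMON_PASSWORDS or core in COMMON_PASSWORDS:
        reasons.append("is a common default password")
    for token in sorted(personal_tokens):
        # Ignore very short tokens to avoid matching incidental letter pairs.
        if len(token) >= 4 and token.lower() in lowered:
            reasons.append("contains personal information (%s)" % token)
    if has_natural_digit_sequence(pw):
        reasons.append("contains a natural digit sequence")
    return reasons


if __name__ == "__main__":
    for candidate in ["admin", "Password1!", "rover1234x!", "always26keyboardpumpkin723"]:
        verdict = weak_password_reasons(candidate) or ["ok"]
        print("%-30s %s" % (candidate, "; ".join(verdict)))
```

The sequence check deliberately treats repeated digits ("7777") as natural as well, since they sit just as high on any guessing list; the article's own multi-word examples pass every check because their digit groups are short and unrelated.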

Password managers and two-factor authentication

If maintaining unique, complex passwords for all of your applications sounds difficult, use a password-management application like LastPass, Dashlane, or 1Password to safely catalog and encrypt your unique passwords in the Cloud under one unique master password. They also offer two-factor authentication, and we strongly recommend this additional security measure. In the event a hacker successfully compromises your password, the hacker still cannot gain access without the second form of authentication. This second form may require a thumb-drive, a fingerprint scanner, or a mobile device.

If you are using Magento, consider using Sentry Two-Factor Authentication, a free open source extension for the popular eCommerce platform.

Nexcess Secure Password Generator

If you want help generating a secure password, then consider using the Nexcess Secure Password Generator. This generator instantly creates a random password built to your specifications. It generates two types of passwords: traditional and multi-word. Refer to How to generate a secure password for instructions regarding its use.
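To make the Complexity section's point concrete, and to show what "traditional" and "multi-word" generation look like in code, here is an added example written for this article. It is not the Nexcess Secure Password Generator and does not describe how that tool works. It draws both styles from the operating system's cryptographic random source via Python's `secrets` module, then estimates the size of the search space an attacker must enumerate and the expected time at an assumed rate of one billion guesses per second (an assumption in the range the article describes). The sixteen-word list is a constructed stand-in; a real generator would use a list of thousands of words.

```python
import math
import secrets
import string

# Constructed miniature wordlist (a real generator uses thousands of words, which is
# what makes each word worth many more bits than the four bits it is worth here).
WORDS = ["always", "keyboard", "pumpkin", "haze", "spaghetti", "tulip", "bathtub",
         "copper", "meadow", "lantern", "orbit", "velvet", "glacier", "saddle",
         "quartz", "ember"]

# Assumption: roughly the "hundreds of millions of guesses per second" the article
# mentions, rounded to an order of magnitude for the estimate.
GUESSES_PER_SECOND = 1e9

TRADITIONAL_ALPHABET = string.ascii_letters + string.digits + string.punctuation


def traditional_password(length=16, alphabet=TRADITIONAL_ALPHABET):
    """Random password of independent characters chosen with a CSPRNG."""
    return "".join(secrets.choice(alphabet) for _ in range(length))


def multiword_password(words=4, digits=3, wordlist=WORDS):
    """Unrelated words with a random digit group between each pair, e.g. haze641tulip132..."""
    parts = []
    for i in range(words):
        parts.append(secrets.choice(wordlist))
        if i < words - 1:
            parts.append("".join(secrets.choice(string.digits) for _ in range(digits)))
    return "".join(parts)


def search_space_bits(alphabet_size, length):
    """log2 of the number of equally likely candidates for a fixed-length random string."""
    return length * math.log2(alphabet_size)


def multiword_bits(words, digits, wordlist_size):
    """Search space of the multi-word layout when the attacker knows the layout and wordlist."""
    return words * math.log2(wordlist_size) + (words - 1) * digits * math.log2(10)


def expected_crack_seconds(bits, rate=GUESSES_PER_SECOND):
    """Expected time to hit the password: on average half the space is searched."""
    return (2 ** bits) / 2 / rate


def report():
    """Compare several password shapes; returns {label: (bits, expected seconds)}."""
    shapes = {
        "8-digit birthdate":        search_space_bits(10, 8),
        "6 lowercase letters":      search_space_bits(26, 6),
        "16-char traditional":      search_space_bits(len(TRADITIONAL_ALPHABET), 16),
        "4 words x 16-word list":   multiword_bits(4, 3, len(WORDS)),
        "4 words x 7776-word list": multiword_bits(4, 3, 7776),
    }
    return {label: (bits, expected_crack_seconds(bits)) for label, bits in shapes.items()}


if __name__ == "__main__":
    print("traditional:", traditional_password())
    print("multi-word: ", multiword_password())
    for label, (bits, seconds) in report().items():
        print("%-26s %6.1f bits  ~%.3g seconds" % (label, bits, seconds))
```

The estimate is deliberately conservative from the defender's side: it assumes the attacker already knows the wordlist and the word/digit layout, so the only thing protecting the password is the number of equally likely choices. Growing the wordlist, adding a word, or lengthening the character password each multiplies that number, which is exactly the effect the article asks for.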

For 24-hour assistance any day of the year, contact our Support Team by email or through the Client Portal.
