Do NOT Choose 123456 qwerty, test as a Password
Step 2 from the 7 Day Sequence: 7 Easy Steps to Secure Your Website
We told you why your website's security is so important, shared with you the first step for a SuperSecure website and how to protect sensitive data in your hosting account. In the following lines we are about to tell you which is the next important step from our sequence.
Have you ever used 123456, qwerty or test as a pasword? If the answer is yes, we recommend changing it. Choosing a strong enough password no matter if it concerns your hosting account, profile on social media or other accounts is one of the most important elements for your secure web presence. Some passwords, such as the one for your hosting account, provide access to important information in relation to your business, personal correspondence and personal data. Your mailboxes, files, databases and the whole website administration are located on your hosting account. If this information leaks, third parties can cause big damage.
What might be the consequences?
- We have observed interesting cases with a not strong enough email account password. In this case hackers managed to guess the email password since it was weak. What happened after they accessed the account? Hackers tracked communication to be aware of the business activities and correspondence of the owner. When an invoice with bank account details was received, the malicious persons sent another email some minutes later containing information that the bank account number had been changed and provided their account number for transferring the amount there. So the owner of the email account transferred the due amount to another bank account without even noticing their mailbox had been compromised.
- In another case a weak password for a WP website administration was used so third parties had easily managed to guess it. So the website got a virus and started spreading it. There were also other websites hosted on this account so they immediately also got the virus from the malicious files uploaded through the compromised website. As a result, a few projects in this account were damaged because the "admin” password had been used. We always recommend our customers to use a separate hosting account for every website.
Statistics show that despite the big number of warnings, many users still rely on passwords containing numbers from 1 to 4,5,6,7... or only zero and 1. Very often users also set the same password for different accounts such as their website, Facebook profile, mailboxes, etc. But in this way they help malicious software or hackers reach their personal data. If you use your email password for other accounts, it will be enough for hackers to guess it only once and then compromise all your accounts.
One thing strictly forbidden is using the same password for your mailbox and the accounts registered with this address. If your email gets compromised, its password will be used for access attempts to all accounts and services for which you have received messages in this mailbox.
Through the emails in your account, third parties can easily track all other registered accounts you have. After accessing your mailbox they can change your passwords for all services, registered with this email address.
When it comes to hosting service and your website, you should also be very careful with passwords. Do not use the same password for different accounts - the website's admin panel, cPanel, FTP users, email accounts and others.
If you cannot decide on a strong enough password by yourselves you can always count on the Password Generator as you can access it through your hosting account’s cPanel » Settings » Password & Security.
We also recommend regularly changing your website's administration password. You should use strong passwords, consisting of uppercase and lowercase letters, numbers, and special characters. Here are a few tips that will help you choose a strong password:
A Few Tips for Choosing a Strong Password.
- Do not set up as a password the anniversary you keep forgetting. As much complex as your password needs to be, you should be able to remember it easily. 🙂
It is not easy to remember tens of thousands of passwords, but there are tips to make your life easier.
1) Password Manager to secure your digital life
There are various programs to be used as password managers. The idea of such software is to help you keep all your passwords safe. You will only need to remember the password for the Manager.
The Password Manager itself must use very high levels of protection for the passwords as well as encryption methods to prevent hacking.
In most cases this kind of software is premium, but the investment is worth it. There are also free, open-source applications which use strong encryption.
2) Phrases easy to remember
Remembering a password such as "1238*(D*(&*DSH" is difficult, but not impossible. Remembering 100 passwords like this is impossible.
It is important to make a difference between a strong and impossible to read password. There is a way to choose a strong password that is easy to remember by using phrases.
Here are some examples:
"This is my strong password - 55"
"Not easy to guess!!!"
Such type of passwords are not only easy to remember, but also not simpler than "1238*(D*(&*DSH" and difficult to guess.
You can use quotes from a favorite movie, wise thoughts, jokes that are easy to remember for you, but impossible to be guessed by a third person not knowing you, neither a software.
3) Test accounts having username or password "test"
A very common mistake is using a simple username or password for testing purposes.
For example, in cases when you wish to create a test FTP account, system user or test server. We usually think "I need this account for 15 minutes and to save time I will set up a password and username test".
So malicious bots scan the web every few seconds. If you generate a test FTP account with a username or / and password "test" it is possible that very soon it will be compromised.
You should create strong passwords even when you use test usernames.
We recommend checking your passwords and updating the ones that are not strong enough. You already know how to generate them, do not you?
Stay tuned for the next step of our sequence because we will tell you about the importance of updating all systems, themes and plugins.