Is Your Website Password Safe – Some Do’s and Don’ts
I’m paranoid about website security because I use a lot of monitoring tools, and I can see just how many times per day someone tries to get into the websites I look after. It takes some highly sophisticated tools to keep your website safe, but proper password management can make a tremendous difference. It’s incredibly easy to guess most people’s passwords, so it’s time to learn some good password habits. They will save you a lot of headaches down the road and, best of all, these good habits are easy to learn.
Passwords Based On Personal Information
Don’t, I repeat, don’t use personal information for your passwords. Common personal information includes names, initials, names backwards, birthdays, kids’ or pets’ names, car make and model, etc.
Use Passwords with a Series of Random Letters And Numbers
For the most secure passwords use a series of random letters and numbers, preferably with punctuation in it. For example: JkOWn(292(*&5#@&!)@d. It may be impossible to remember this password, but you can always save it somewhere and cut and paste it when you need to log in… and please don’t save it on your desktop with the file name password/s.
Don’t Use Proper Words For Passwords
Don’t choose any words that can be found in a dictionary, an expression someone might know, or a sequence of letters or numbers (for example, 123456789 or Fido). However, it’s fine to use the first letter of each word of a song or phrase. An example would be IWTHYH, from the Beatles’ I Want To Hold Your Hand.
Regularly Change Passwords
Don’t forget to periodically change your passwords. If you change them regularly, there’s less chance that a hacker will be able to use a password if they do find it. Change your password anytime you haven’t logged in to a site for a while. If it’s a site where you log in often, get into a routine of changing your password every few months.
Use Different Passwords For Different Websites
DON’T use the same password for multiple sites. For example, the same password for your email, Facebook account, and bank account. If hackers obtain your Facebook password, they’ll have access to your bank account. This is a common mistake and hackers know that people do this, and they take advantage of it, so please use different passwords.
Don’t Share Your Password
DON’T share your passwords with friends. You may trust them, but once a password is given out, it’s out of your control and you might not know what they do or who they in turn share it with.
Give Everyone Their Own Password
Assign separate passwords for business partners, virtual assistants and others who need access to your account. Maintain control over what each person can access with their password.
Sometimes a person you know needs access to your website, perhaps to carry out a task. Assign this person a temporary password and when they are done, simply delete the password.
Log Out of Websites
A lot of websites allow you to stay logged in; however, it is best to log out each time you leave. While you’re logged in, your account’s security is compromised. If the network is unsecured, your account is open to attacks. I would recommend not using the ‘remember me’ function some websites have. If you log in often, you can use a password manager to make it easier, and always ensure your computer has a suitably strong password.
Don’t access password-protected accounts through unprotected Wi-Fi networks. If you want to be on the safe side, avoid logging in on a wireless network at all, even if it’s secure.
No article on website passwords would be complete without a comment on usernames. As usernames are always used in combination with passwords, you need to understand how they work. Many content management systems automatically default to a username of admin. Make sure yours doesn’t: hackers know this and use admin as a username more often than any other. My advice is to make usernames a random series of letters.
I’m paranoid about website security: as soon as a username is entered incorrectly on one of the websites I manage, the user is automatically locked out for a number of days. Perhaps you could do something similar.
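One way to build the lockout described above, as an added example that is not part of the original article or the author's own setup. It assumes lockouts are keyed by the visitor's IP address and last 3 days; the class, function names, username and addresses are all constructed for illustration.

```python
import time

LOCKOUT_SECONDS = 3 * 24 * 3600  # assumption: "a number of days" taken as 3


class UsernameLockout:
    """Lock out a client address as soon as it submits an unknown username."""

    def __init__(self, valid_usernames, lockout_seconds=LOCKOUT_SECONDS,
                 clock=time.time):
        # Compare case-insensitively so "Admin" and "admin" are treated alike.
        self._valid = {u.lower() for u in valid_usernames}
        self._lockout = lockout_seconds
        self._clock = clock
        self._locked_until = {}  # client address -> unlock timestamp

    def is_locked(self, client):
        until = self._locked_until.get(client)
        if until is None:
            return False
        if self._clock() >= until:
            del self._locked_until[client]  # lockout has expired
            return False
        return True

    def check(self, client, username):
        """Return 'locked', 'unknown-user' or 'ok' (go on to check the password).

        Show the visitor the same generic error for 'locked' and
        'unknown-user' so the login form does not reveal which names exist.
        """
        if self.is_locked(client):
            return "locked"  # refuse before looking at the credentials
        if username.strip().lower() not in self._valid:
            self._locked_until[client] = self._clock() + self._lockout
            return "unknown-user"
        return "ok"


def demo():
    now = [1_700_000_000.0]  # constructed clock so the demo is repeatable
    guard = UsernameLockout({"qzxv81kd"}, clock=lambda: now[0])
    results = [guard.check("203.0.113.7", "admin"),      # wrong name: locked out
               guard.check("203.0.113.7", "qzxv81kd"),   # same address: refused
               guard.check("198.51.100.4", "qzxv81kd")]  # other address: fine
    now[0] += LOCKOUT_SECONDS                            # lockout period passes
    results.append(guard.check("203.0.113.7", "qzxv81kd"))
    return results


if __name__ == "__main__":
    print(demo())
```

A lockout this strict also locks out a legitimate user who mistypes their username, so keep a way to clear an entry by hand.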
In my opinion it’s always better to be too worried about password protection than to end up losing your whole business to a hacker. But if you follow these basic guidelines and develop good password habits, you can keep your accounts safe.