Don’t Use Common Passwords

Occasionally, we run into a client that uses an insecure password. We typically tell them about the security implications, and suggest that they change it, and mention LastPass{.colorbox} as an alternative to having to remember a ton of complicated passwords.

There are simple ways you can check if you’re password is worth using. The big one to check is the top 500 most common passwords of all time{.colorbox}. It’s very common for bots to attack WordPress sites using the default admin username “admin” and the top 500 most common passwords. They just do a quick site to site attack and get a few people here and there with minimal effort. If you don’t use one of these passwords, you’ll fend off the common attackers.

The next step is to check the GRC Password Haystack{.colorbox}. While you don’t want to enter your passwords directly into a third party website asking for your password, you can get the same results by changing all of the letters, numbers, and characters, but keeping the same pattern. For instance “Thi5P4ssword!” could be tested using “Ab1cD2efghij.” because it has capital letters, lowercase letters, numbers, and special characters in the same places.

A great tip for making amazing passwords that are easy to remember is to use full sentences. The password “The tea kettle is blue.” is a better password than “vbQt|E$*’Od>4″, and is much easier to remember. It also allows for capital letters and special characters in places that make sense, so you don’t have to remember exactly how your garbled your text with leetspeak.

Use better passwords, because it might be the only thing between your business and someone looking to ruin it.