
Today is World Password Day and we wanted to share some resources you can use to review your password security. World Password Day reminds us of the importance of having a solid password strategy for all your online accounts. These resources apply to password security in general but also specifically for WordPress websites.

Here’s a quick WordPress password quiz:

  • 1. Have you used the password again someplace else, for a separate account?
  • 2. Are you using “admin” as your WordPress username?
  • 3. Is your password a dictionary word?
  • 4. Have you shared your password with anyone else?
  • 5. Does your password have fewer than 12 characters?
  • 6. Does your password include numbers, symbols and both upper & lower case letters?
  • 7. Are you using two-factor authentication for your WordPress login?
If you answered “yes” to any of questions 1 – 5 or “no” to questions 6 – 7, it’s time to review your WordPress password security.

Don’t Use These Common Passwords!

Here’s a list of the most commonly used passwords. Do you recognize any of them?

1. 123456
2. 123456789
3. qwerty
4. 12345678
5. 111111
6. 1234567890
7. 1234567
8. password
9. 123123
10. 987654321
11. qwertyuiop
12. mynoob
13. 123321
14. 666666
15. 18atcskd2w
16. 7777777
17. 1q2w3e4r
18. 654321
19. 555555
20. 3rjs1la7qe
21. google
22. 1q2w3e4r5t
23. 123qwe
24. zxcvbnm
25. 1q2w3e

WordPress Password Tips

At a minimum, your WordPress admin password should meet the following requirements.

  • Include numbers, capital letters and special characters (@, #, *, etc.)
  • Be long (12 characters minimum; 50 characters ideal)
  • Can include spaces and be a passphrase (just don’t use the same password in multiple places)
  • Be changed every 90 days, or 3 months
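
The requirements above and the common-password list can be turned into an automated check. The following Python sketch is an added example, not code from iThemes or WordPress; the function name `check_password` and its messages are hypothetical, and the character-class rules follow the quiz and the list above.

```python
# The 25 common passwords listed earlier on this page.
COMMON_PASSWORDS = frozenset("""
123456 123456789 qwerty 12345678 111111 1234567890 1234567 password 123123
987654321 qwertyuiop mynoob 123321 666666 18atcskd2w 7777777 1q2w3e4r 654321
555555 3rjs1la7qe google 1q2w3e4r5t 123qwe zxcvbnm 1q2w3e
""".split())

MIN_LENGTH = 12  # minimum length given in the requirements above


def check_password(password, username=""):
    """Return a list of problems; an empty list means every check passed."""
    problems = []
    # Compare case-insensitively so "Password" is caught as well as "password".
    if password.lower() in COMMON_PASSWORDS:
        problems.append("common password")
    if len(password) < MIN_LENGTH:
        problems.append("shorter than 12 characters")
    # Spaces are allowed (passphrases) but do not count as a symbol.
    classes = {
        "lower-case letter": any(c.islower() for c in password),
        "upper-case letter": any(c.isupper() for c in password),
        "number": any(c.isdigit() for c in password),
        "symbol": any(not c.isalnum() and not c.isspace() for c in password),
    }
    problems += [f"missing {name}" for name, ok in classes.items() if not ok]
    if username.lower() == "admin":
        problems.append('username is "admin"')
    return problems


if __name__ == "__main__":
    # Constructed sample inputs
    for pw in ("1q2w3e4r5t", "Correct horse, battery 9 staple!"):
        print(repr(pw), "->", check_password(pw) or "ok")
```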

How to Increase Your Password Security: 9 Tips

Here are a few things you can do today to protect yourself and your WordPress website by strengthening your password.

Get simple tips for better WordPress security. Download the new ebook: WordPress Security Pocket Guide

1. Start Using a Password Manager

We’ll start here, with password managers, because the biggest complaint we hear about adopting password security is how inconvenient it can be to keep track of so many strong passwords. We understand. And that’s where password managers come into the picture.

We’re big advocates of using a password manager like LastPass or 1Password.

A password manager allows you to generate a strong, complex password for all your website logins, and then securely stores your login information. You can then install the browser extension for the password manager so you can easily autofill your login information.

By using a password manager, adopting the rest of these password security best practices becomes a lot easier.

With password managers, you only need to remember one password—your master password. Here’s more on why you should use a password manager.

Tip: Because the master password for your password manager account is so important, don’t forget to enable two-factor authentication for your account!

Tips For Using LastPass

Watch the Webinar: Getting Started with LastPass

One of the most important things you can do for web security is to have a strong, unique password for every site you use. LastPass can make that a reality. In this webinar, Nathan will walk through the features of this free password manager and demonstrate the benefits of its use.

2. Don’t Use the Same Password More Than Once, Ever

As an online security best practice, you need to have a long, complex and unique password for every web account you use. If you use the same email address and password for multiple websites that you log into, what happens when one of those websites gets hacked? Your email address and password are now on a list that will be used to try to log into other websites around the internet. If you use the same email address and password for all your websites, the hacker will now be able to log into all your accounts at once.

Once your password has been compromised, you now have the challenge of updating your information individually on every single website that has the same login information. Do you even remember them all? If you use the same email and password again on each one, you’re probably going to have to repeat this process again in the future.

3. Don’t Use the WordPress ‘Admin’ Username

“Admin” used to be the default username for WordPress, so loads of people had the same username. If you’ve had WordPress for a while, you could still be using admin as a username. That’s a WordPress security no-no.

One simple way to combat vulnerable logins is to not use default usernames.

So if you’re still using “admin” as your username, change it now! Newer versions of WordPress don’t allow it and the iThemes Security plugin can change it for you.

Tip: Use the iThemes Security plugin’s tool to change your “admin” username without any headaches.

4. Require/Enforce Strong WordPress Passwords for Privileged Users

If you have a website with multiple admin-level users, at a minimum, you should require those users to have strong passwords as well. While you may have a strong password, if someone else doesn’t, your website is still at risk. That’s why it’s a good idea to enforce strong passwords for all users in your WordPress password security efforts.

Tip: Force users to use strong passwords as rated by the WordPress password meter. You can enable this setting using a WordPress security plugin such as the iThemes Security Pro plugin.

5. Make it Easy to Generate Strong Passwords

Don’t try to come up with long, unique and complex passwords on your own. Take advantage of password generators to do the job for you. Use either your password manager or the iThemes Security plugin to generate a strong password.

Tip: After enabling strong password enforcement from the iThemes Security dashboard, visit any user profile page. In the Account Management section, you can generate a strong password with just one click.

6. Change your Passwords Frequently

If you haven’t changed your password in the last 4 months, change it now. Set yourself a reminder to change your password every 120 days.

Tip: With iThemes Security Pro plugin, you can enable password expiration for your WordPress website. With this setting, you can force users to change their passwords after a certain number of days.

Watch the Webinar: Password Security – A WordPress Security Chat with Aaron Campbell

7. Protect Your WordPress Website from Brute Force Attacks

A brute force attack is a trial-and-error method used to discover username and password combinations in order to hack into a website. It relies on the simplest way of gaining access to a site: guessing usernames and passwords, over and over again, until a guess succeeds.

So it’s a good idea to limit the number of failed login attempts allowed per user with WordPress brute force protection. If someone is trying to guess your password, they’ll get locked out after a few attempts.

Tip: Enable Brute Force Protection within the iThemes Security plugin to limit the number of login attempts.
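
The per-user limit described above, sketched in Python as an added example; it is not the iThemes Security plugin's code. The class name `LoginLimiter`, the thresholds (3 failures in 300 seconds, 900-second lockout) and the sample events are assumptions chosen for illustration.

```python
from collections import defaultdict, deque


class LoginLimiter:
    """Lock a username after too many failed logins within a time window."""

    def __init__(self, max_failures=3, window=300, lockout=900):
        self.max_failures, self.window, self.lockout = max_failures, window, lockout
        self.failures = defaultdict(deque)  # username -> times of recent failures
        self.locked_until = {}              # username -> time the lockout ends

    def attempt(self, username, password_ok, now):
        """Return 'locked', 'failed' or 'ok' for one login attempt at time `now`."""
        user = username.lower()
        # Check the lockout before looking at the password: while locked,
        # even a correct guess is refused, so further guessing gains nothing.
        if now < self.locked_until.get(user, 0):
            return "locked"
        if password_ok:
            self.failures.pop(user, None)   # a real login clears the counter
            return "ok"
        recent = self.failures[user]
        recent.append(now)
        while now - recent[0] > self.window:  # forget failures outside the window
            recent.popleft()
        if len(recent) >= self.max_failures:
            self.locked_until[user] = now + self.lockout
            recent.clear()
        return "failed"


# Constructed sample: (seconds, username, password was correct)
SAMPLE_EVENTS = [
    (0, "editor", False), (5, "editor", False), (9, "editor", False),
    (12, "editor", True),    # correct password, but inside the lockout
    (20, "owner", True),     # other users are unaffected
    (910, "editor", True),   # lockout (9 + 900 s) has expired
]


def replay(events, limiter=None):
    """Feed events through a limiter and return the decision for each one."""
    limiter = limiter or LoginLimiter()
    return [limiter.attempt(user, ok, now) for now, user, ok in events]


if __name__ == "__main__":
    print(replay(SAMPLE_EVENTS))
```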

Download the Ebook: A Guide to WordPress Brute Force Attacks

What are WordPress brute force attacks and why should you care? In this ebook, we explain how brute force attacks work and why WordPress sites are at risk. We also offer tips on how to protect your website.

In this ebook, you’ll learn:

  • What are WordPress brute force attacks?
  • How do brute force attacks work?
  • Are you inviting brute force attacks?
  • Why WordPress sites are at risk
  • 5 ways to prevent WordPress brute force attacks
  • Tips to protect your site for users, admins and developers
  • How a WordPress security plugin can help

8. Enable WordPress Two-Factor Authentication

We’ve saved this tip for last, but it’s probably the most important. Two-factor authentication, also known as two-step verification, is one of the best ways to protect your login. WordPress two-factor authentication adds an extra layer of WordPress security to verify it’s actually you logging in and not someone who gained access to (or even guessed) your password.

With two-factor authentication, users are required to enter both a password AND a secondary code sent to a secondary device such as a smartphone or tablet. Both the password and the code are required to successfully log in to a user account.

Tip: It’s easy to add two-factor authentication on your WordPress website using a plugin like iThemes Security Pro. Then you can configure your choice of authentication method: mobile apps such as Google Authenticator or Authy or email.

9. Make WordPress Security Easy With Passwordless Logins

In reality, passwords are soon to be a relic of the past, which is why all of the major tech companies are trying to kill passwords. That’s where Passwordless Logins come in, a new way to simplify the login process with extra security. Now you can add Passwordless Logins to your WordPress site with the iThemes Security Pro plugin.

Learn more about how to get started with passwordless logins. Download the new ebook: Getting Started with Passwordless Login


In this ebook, you’ll learn:

  • The passwordless future
  • Different methods of passwordless login
  • Adding passwordless login to your WordPress website
  • How the passwordless login method works

Watch the Webinar: The Passwordless Future of WordPress

Wrapping Up: World Password Day

A strong password is your first step in securing your WordPress website and World Password Day is a great time to review your passwords.

Get iThemes Security Pro, our WordPress security plugin, with 30+ ways to secure and protect your WordPress website.

Download iThemes Security Pro now

The post World Password Day 2020: Let’s Increase Your Password Security appeared first on iThemes.

Source: Security Feed
