The Importance of Good Passwords

April 1, 2014

There’s been a lot in the news this week about the Heartbleed vulnerability, and many companies have been contacting their customers advising them that it would be prudent to change their passwords. This made me think about password security in general, and I thought I’d put down some pointers on how to set a decent password. After all, if you choose ultra-weak passwords, Heartbleed could be the least of your worries!

Much of my work involves repairing and renovating existing websites. To do this, my clients hand over their login details to allow me access to their sites. Invariably, I’m a little underwhelmed at the strength of the passwords they’ve chosen. Whilst I don’t profess to be a security expert, here are my common-sense pointers for better password security:

  • don’t use the same login and password combination for multiple sites; in particular, don’t have the same username/password for your web hosting and your website’s CMS
  • don’t use ‘admin’ as the username for your CMS, especially in WordPress
  • don’t use children’s names, pets, or dates of birth in your passwords  – you’d be amazed at how much personal information 10 minutes of online digging can reveal about you!
  • make your passwords at least 8-10 characters long
  • include upper case and lower case letters, numbers, and punctuation
  • don’t just add a single punctuation symbol (like !) at the end of the password and think that’s strong enough
  • if you need help setting your password, try an online secure password generator
  • don’t store your passwords in a document stored online or on your computer – if you are infected by a trojan, it could read that password file
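
The checklist above can also be run as a small local script, which avoids typing a real password into a website. This is an added example, not code from the original post; the function names, the 10-character minimum (the upper end of the 8-10 suggested above) and the sample inputs are assumptions.

```python
import secrets
import string

MIN_LENGTH = 10  # assumption: upper end of the post's "8-10 characters"

CLASSES = {
    "lower case letter": string.ascii_lowercase,
    "upper case letter": string.ascii_uppercase,
    "number": string.digits,
    "punctuation": string.punctuation,
}


def check_login(username, password, personal_words=()):
    """Return the checklist items this login fails; an empty list means none."""
    problems = []
    if username.lower() == "admin":
        problems.append("username is 'admin'")
    if len(password) < MIN_LENGTH:
        problems.append("too short")
    for name, chars in CLASSES.items():
        if not any(c in chars for c in password):
            problems.append(f"no {name}")
    # A lone symbol tacked on the end (e.g. "!") is the pattern the post warns about.
    symbol_positions = [i for i, c in enumerate(password) if c in string.punctuation]
    if symbol_positions == [len(password) - 1]:
        problems.append("only symbol is a single trailing one")
    # Names, pets and dates of birth supplied by the caller.
    for word in personal_words:
        if word and word.lower() in password.lower():
            problems.append(f"contains personal detail: {word}")
    return problems


def generate_password(length=16):
    """Generate a random password locally that passes the checks above."""
    if length < MIN_LENGTH:
        raise ValueError(f"length must be at least {MIN_LENGTH}")
    alphabet = "".join(CLASSES.values())
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if not check_login("", candidate):
            return candidate


if __name__ == "__main__":
    # Constructed sample inputs, not real credentials.
    print(check_login("admin", "Rover2014!", personal_words=["Rover", "2014"]))
    print(check_login("site-editor", generate_password()))
```

The generator uses Python's `secrets` module, which draws from the operating system's cryptographic random source rather than the predictable `random` module.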

All of that might sound scary, but it’s simply a matter of getting into good habits. And a little bit of sensible password setting now could save a whole heap of time and expense further down the line.