How to prevent hackers on your site part 3: Strong Passwords
If you roll your eyes every time a new app or website asks you to choose a new password to access their service, you’re not alone. And quite possibly, like so many people, you tend to use the same passwords again and again, and keep them “something you’ll remember” like a part of your name, your business name or your site name.
Unfortunately, the third most common reason we see people’s sites hacked is that they’ve used weak, easily guessable passwords. Don’t be fooled: hackers often have computers set up to spin through thousands of password variations very quickly. So if they know your username and you’re using a weak password, they can break in very quickly. Don’t use your name and 1-2-3, or any part of your name or business name. And definitely don’t use the word “Password”.
Even if your password is relatively strong, if you know that your information was held by a business that has been hacked, such as the most recent Optus data breach, it’s really worthwhile taking the time to update your passwords. If hackers have access to your username and password for one site they’ll take an educated guess that you’ve used the same details for other sites as well.
Tips for managing passwords
The problem is, and I understand it, that we have to use so many passwords these days. How do you keep on top of them all? I highly recommend using a password manager such as LastPass or Dashlane or one of the other options that are available. We use LastPass as a general rule, which means that we each only have to remember one single password, and then use LastPass to generate difficult passwords (I’m talking, say, 30+ jumbled-up characters that mean nothing) for every single website that we have access to. Creating unique passwords for each site and storing them in a central location makes them exponentially more difficult for hackers to guess.
LastPass and Dashlane are both downloadable as browser extensions. They detect username and password fields on websites and can auto-fill them if you request. You can also use these tools to share passwords securely with other people.
Granted, if hackers manage to break into your LastPass or Dashlane account they then have access to every password you have stored there. We recommend setting your master password as something long, specific, and that only you will know. These companies take their security very seriously, but if your account is ever compromised make sure you change the passwords stored in there as quickly as you are able.
(One little note: if you are going to use LastPass or something similar, make sure you have it installed in more than one place. For instance, if you have it on your desktop, make sure that you also have it on your mobile phone, because if you lose access or forget your master password, you can lose access to all your passwords, which can be nightmarish.)
Both LastPass and Dashlane have free plans for single users, and are well-priced for peace-of-mind protection for larger organisations as well.
If you are re-using weak passwords for all your sites, taking the step with something like this can be a big help in updating your online security.
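
An added example, not code from this post or from LastPass or Dashlane: a Python check a site owner could run at sign-up or password change to reject the weak patterns described above (the word “Password”, counting sequences like 1-2-3, parts of a personal, business or site name), together with a generator for long random passwords. The sample names, the character-swap table and the three-letter minimum are assumptions made for the illustration.

```python
import re
import secrets
import string

# Constructed table of character swaps people use to disguise a guessable word.
LEET = str.maketrans("4@301!$57", "aaeoiisst")
MIN_PART = 3  # assumption: ignore name fragments shorter than this
ALPHABET = string.ascii_letters + string.digits + string.punctuation


def normalise(text):
    """Lowercase, undo the swaps above, and keep letters only."""
    return re.sub(r"[^a-z]", "", text.lower().translate(LEET))


def has_digit_run(password, run=3):
    """True for counting sequences such as 123, including 1-2-3 or 1.2.3."""
    compact = re.sub(r"[\s._-]", "", password)
    return any("0123456789"[i:i + run] in compact for i in range(11 - run))


def weak_reasons(password, context_words):
    """Return every weak pattern named in the post that the password matches."""
    reasons = []
    flat = normalise(password)
    if "password" in flat:
        reasons.append("contains the word 'password'")
    if has_digit_run(password):
        reasons.append("contains a counting sequence such as 1-2-3")
    for word in context_words:
        parts = (normalise(p) for p in re.split(r"\W+", word))
        if any(len(p) >= MIN_PART and p in flat for p in parts):
            reasons.append(f"contains part of '{word}'")
    return reasons


def generate_password(context_words, length=32):
    """Draw from the OS CSPRNG; redraw if a weak pattern appears by chance."""
    while True:
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if not weak_reasons(candidate, context_words):
            return candidate


# Constructed sample: the owner's name, business name and site name.
CONTEXT = ["Jane Smith", "Smith Bakery", "smithbakery.example"]

if __name__ == "__main__":
    for pw in ["Smith123", "P@ssw0rd!", "b4k3ry-2024", generate_password(CONTEXT)]:
        print(pw, "->", weak_reasons(pw, CONTEXT) or "no weak pattern found")
```

Swapping letters for look-alike symbols does not get a password past the check, because both the password and the names are normalised before they are compared.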