This list of most popular passwords, published by SplashData, may surprise you as much as it did me: and no, being #1 on the list is not what you want!
- password
- 123456
- 12345678
- qwerty
- abc123
- monkey
- 1234567
- letmein (uh, yeah)
- trustno1
- dragon
- baseball
- 111111
- iloveyou
- master
- sunshine
- ashley
- bailey
- passw0rd (zero instead of an o)
- shadow
- 123123
- 654321
- superman
- qazwsx (check a keyboard)
- michael
- football
SplashData provides password management software. If you're resorting to the same passwords above or your family member names and birthdates then you need a password safe! Don't just add 123 to a bad password. Hackers are smarter than that...
Having a strong password is especially important for bloggers and online sites, given the number of hackers (paid and having fun) who target the innocent. Well if you take no precautions against attack then we might call you an enabler. 
Precautions and Protection for your Site
1. Limit Login Attempts - brute force attack on the front door
First let me ask if you're guilty of using the default WP login of 'admin'? Don't be ashamed, just fix it now! Most bloggers are industrious but some are completely hands off (unaware) when a freelancer or friend turns over their freshly installed WP. They start using the Admin user name and never look back --- until the site is compromised by a hacker.
If you have the Admin user name (even if you personally use a second login name) you're putting your site at-risk. I use a plugin, Limit Login Attempts, to lockout anyone trying invalid passwords more than x times. They get the message there's a 'bulldog' behind the locked door and move on to the next house, so to speak.
Look at the log of repeated attempts to get in this blog using 'admin' and some ridiculously simple password:
| IP | Tried to log in as |
|---|---|
| 88.226.89.147 | admin (2 lockouts) |
| 184.74.162.26 | admin (2 lockouts) |
| 80.33.153.20 | Admin (1 lockout) |
| 80.35.97.91 | Admin (1 lockout) |
| 202.80.147.185 | Admin (2 lockouts) |
| 80.58.205.103 | Admin (3 lockouts) |
| 109.163.230.207 | admin (1 lockout) |
| 80.34.77.184 | Admin (1 lockout) |
| 80.25.95.249 | Admin (1 lockout) |
| 110.142.78.177 | Admin (1 lockout) |
| 80.58.205.99 | Admin (1 lockout) |
| 80.25.109.135 | Admin (1 lockout) |
| 81.214.50.116 | admin (2 lockouts) |
| 203.111.171.142 | Admin (1 lockout) |
| 202.92.86.155 | Admin (2 lockouts) |
| 80.33.195.34 | Admin (2 lockouts) |
| 83.56.132.200 | Admin (1 lockout) |
| 80.36.162.99 | Admin (3 lockouts) |
| 91.224.160.132 | admin (1 lockout) |
| 81.33.5.232 | Admin (1 lockout) |
| 125.255.84.98 | Admin (2 lockouts) |
| 80.28.106.14 | Admin (1 lockout) |
| 83.42.224.55 | Admin (2 lockouts) |
| 110.143.65.138 | Admin (1 lockout) |
| 193.153.76.201 | Admin (1 lockout) |
| 203.29.67.138 | Admin (1 lockout) |
Don't breathe a sign of relief if you're not using Admin but instead using your first name or the blog's name to login! Hello, hackers are smarter than that when it comes to knowing human nature.
Try installing a plugin to limit logins and see for yourself --- there are bad guys out there for sure... they use brute force to crack any ridiculous passwords!
2. Strong Passwords - for those who breach the first lock
Strong passwords don't have to be hard to remember, just don't use the same one on social media sites that you use with more 'important' sites like your blog or online bank account.
One way to create longer, more secure passwords that are easy to remember is to use short words with spaces or other characters separating them. For example, "eat cake at 8!" or "car_park_city?" - SplashData
You can generate a strong password for critical protection:
- Passwords safes often have an automatic generator for passwords.
- Online generators can also do the job for you. This one gives you multiple random passwords with upper/lower case and special characters at TechZoom.net.
The first pass generated "1B5MCN4d". I then duplicated the special characters to force more of them and got this one "W=%8BZAj" . If you repeat the next set of passwords are completely different. Using 12 characters guarantees a hacker would work over 10,000 years to crack your site. I feed the "W=%8BZAj" password in the How secure is my password site that. Results show a desktop pc could crack that in 57 days. So I added 4 more characters "W=%8BZAjMore" and it went to 5 million years... wow.
3. Change your passwords on regular basis
Using a password safe, you can afford to change your important passwords on a routine basis. The password to open your safe must be easy to remember yet strong. Think length, mix of characters and words/places you would remember. Many sites have security challenges to answer predetermined questions. You can incorporate some of those in your safe password. Be sure to backup your password database.
Your Turn
What have you learned and want to share about password protection? How do you prevent login attacks? Know someone who could use this article? Bookmark it, using their favorite social network icon.
Get email delivery of new posts!
Recent Comments