
Near the top of the check-list on a WordPress install is changing the default user name ‘Admin’ and choosing a ‘strong’ password. That generally means a mix of upper case and lower case letters, numerals and symbols.
I’m reminded of this every time I check logs and notice the attempts made to hack into the ‘Admin’ user accounts on WordPress sites.
Yes, it may mean you won’t be able to memorise your passwords. But WordPress can remember your password for you, and you probably keep a list of passwords stored securely somewhere anyway. And yes, it is a bad idea to use one password for all your accounts. Most modern browsers come with built-in password recall, which means the security of your own computer is also very important.
It’s a small inconvenience compared with the nightmare of having your site hacked.
Mashable recently published this article on the Worst Passwords of 2011 with some useful advice:
Pro tip: choosing “password” as your online password is not a good idea. In fact, unless you’re hoping to be an easy target for hackers, it’s the worst password you can possibly choose.
“Password” ranks first on password management application provider SplashData’s annual list of worst internet passwords, which are ordered by how common they are. (“Passw0rd,” with a numeral zero, isn’t much smarter, ranking 18th on the list.)
The list is somewhat predictable: Sequences of adjacent numbers or letters on the keyboard, such as “qwerty” and “123456,” and popular names, such as “ashley” and “michael,” all are common choices. Other common choices, such as “monkey” and “shadow,” are harder to explain.
As some websites have begun to require passwords to include both numbers and letters, it makes sense that varied choices, such as “abc123” and “trustno1,” are popular choices.
SplashData created the rankings based on millions of stolen passwords posted online by hackers. Here is the complete list:
- 1. password
- 2. 123456
- 3. 12345678
- 4. qwerty
- 5. abc123
- 6. monkey
- 7. 1234567
- 8. letmein
- 9. trustno1
- 10. dragon
- 11. baseball
- 12. 111111
- 13. iloveyou
- 14. master
- 15. sunshine
- 16. ashley
- 17. bailey
- 18. passw0rd
- 19. shadow
- 20. 123123
- 21. 654321
- 22. superman
- 23. qazwsx
- 24. michael
- 25. football
SplashData CEO Morgan Slain urges businesses and consumers using any password on the list to change them immediately.
“Hackers can easily break into many accounts just by repeatedly trying common passwords,” Slain says. “Even though people are encouraged to select secure, strong passwords, many people continue to choose weak, easy-to-guess ones, placing themselves at risk from fraud and identity theft.”
The company provided some tips for choosing secure passwords in a statement:
- 1. Vary different types of characters in your passwords; include numbers, letters and special characters when possible.
- 2. Choose passwords of eight characters or more. Separate short words with spaces or underscores.
- 3. Don’t use the same password and username combination for multiple websites. Use an online password manager to keep track of your different accounts.
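As an added example (not code from the post, WordPress or SplashData), the following Python check applies the three tips above, together with the post's advice about the default ‘admin’ user name, to the 25-entry list reproduced earlier. The three-of-four character-class threshold and the digit-for-letter substitution table are this example's own assumptions.

```python
import re

# The 25 entries from SplashData's 2011 list, as reproduced on the page.
WORST_PASSWORDS_2011 = {
    "password", "123456", "12345678", "qwerty", "abc123", "monkey",
    "1234567", "letmein", "trustno1", "dragon", "baseball", "111111",
    "iloveyou", "master", "sunshine", "ashley", "bailey", "passw0rd",
    "shadow", "123123", "654321", "superman", "qazwsx", "michael",
    "football",
}

# Undo common digit/symbol-for-letter substitutions so variants such as
# "Passw0rd" still hit the deny-list. Assumption: this table is the
# example's own, not part of SplashData's method.
_LEET = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a",
                       "5": "s", "@": "a", "$": "s"})

_CLASSES = {
    "lowercase": re.compile(r"[a-z]"),
    "uppercase": re.compile(r"[A-Z]"),
    "digit": re.compile(r"[0-9]"),
    "symbol": re.compile(r"[^A-Za-z0-9]"),
}


def normalise(password: str) -> str:
    """Lower-case and reverse simple substitutions before the deny-list lookup."""
    return password.lower().translate(_LEET)


def check_credentials(username: str, password: str) -> list[str]:
    """Return policy findings for a user name / password pair; empty means it passes."""
    findings = []
    if username.lower() == "admin":
        findings.append("default user name 'admin' should be renamed")
    # Check both the raw lower-cased form and the de-substituted form, since
    # list entries like "trustno1" contain digits that must not be rewritten.
    if password.lower() in WORST_PASSWORDS_2011 or normalise(password) in WORST_PASSWORDS_2011:
        findings.append("password is on the SplashData worst-passwords list")
    if len(password) < 8:
        findings.append("password is shorter than eight characters")
    present = [name for name, rx in _CLASSES.items() if rx.search(password)]
    if len(present) < 3:  # assumption: require at least three of the four classes
        findings.append("password uses only %d of 4 character classes (%s)"
                        % (len(present), ", ".join(present)))
    if username and username.lower() in password.lower():
        findings.append("password contains the user name")
    return findings
```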
See the original article in context and Mashable’s useful resources