Password management is an inextricable part of your online identity. Passwords work in conjunction with your username to prove that an account, and any data associated with it, belongs to you. Properly managing your passwords is important for protecting you and your identity.
Your password also gives you access to everything within your WordPress website, from plugins to blog posts to themes and everything in between. Of course, passwords are inherently insecure and can be compromised quite easily in many cases.
However, with a few tips and best practices, you can improve your password strength and better manage the passwords you use, as well as those used by others with access to your website.
Make your password unique
This one should be a no-brainer, but we’re going to cover it anyway. Every single password on your site should be unique. Never, ever share passwords across accounts. In addition, everyone with access to your website should have their own username (with its own password).
This also applies to other areas of your online life – never, ever, use the same password for more than one account.
Make your passwords long
Another basic password management tip that we’ve covered in other blog posts, but that deserves another mention, is that length plays a role in security.
The longer your passwords, the more secure they’ll be. It takes far more effort to crack a password like 111PickledCabbage333 than one like 12345. It would be even better if you interspersed the numbers within the letters.
And always, always, make sure to include letters, numbers, and special characters in your password, as well as more than one word.
Change Passwords Regularly
There are many overlooked aspects to password management, and one of the most frequently ignored is the mandate to change your password regularly.
This is not something you’re told just to make your life more difficult. You really should change your password several times per year – once per month would not be too often.
Do not recycle passwords
Most of us are guilty of using the same few passwords (or even the same password) for all websites. Don’t do that. Your passwords should be used once and then thrown away never to be used again.
Recycling your password increases the chances that an attacker will eventually be able to get into your account just by saving a purloined password until it rolls back around in the rotation.
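One way a site can refuse a recycled password without keeping old passwords in readable form, as an added example (not code from the original page or from WordPress). The class name, the PBKDF2 settings and the sample passwords are assumptions constructed for illustration.

```python
import hashlib
import hmac
import os

PBKDF2_ITERATIONS = 600_000  # assumption: work factor chosen for this example


class PasswordHistory:
    """Keeps salted PBKDF2 hashes of every past password and rejects reuse."""

    def __init__(self, iterations=PBKDF2_ITERATIONS):
        self._iterations = iterations
        self._history = {}  # username -> list of (salt, derived_key)

    def _derive(self, password, salt):
        return hashlib.pbkdf2_hmac(
            "sha256", password.encode("utf-8"), salt, self._iterations)

    def was_used(self, username, candidate):
        # Every stored entry has its own salt, so re-derive once per entry.
        used = False
        for salt, key in self._history.get(username, []):
            if hmac.compare_digest(key, self._derive(candidate, salt)):
                used = True
        return used

    def set_password(self, username, new_password):
        """Returns False and stores nothing if the password was used before."""
        if self.was_used(username, new_password):
            return False
        salt = os.urandom(16)
        entry = (salt, self._derive(new_password, salt))
        self._history.setdefault(username, []).append(entry)
        return True


if __name__ == "__main__":
    history = PasswordHistory(iterations=1000)  # low count only to keep the demo fast
    # Constructed sample passwords.
    print(history.set_password("editor", "111PickledCabbage333"))      # accepted
    print(history.set_password("editor", "Correct-Horse-42-Battery"))  # accepted
    print(history.set_password("editor", "111PickledCabbage333"))      # rejected: recycled
```

Because the history never expires, a password that was rotated out long ago is still rejected when it comes back around.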
Don’t Rely on Your Browser for Password Management
Chances are good that you have at least been tempted to let your browser remember your login credentials for you. It’s convenient, for sure. It also syncs across your devices with most browsers.
For instance, if you have Chrome for your Mac and for your iPhone, then you can store and sync your usernames and passwords in Chrome and have them auto populate through your iPhone and your Mac as long as you’re logged into your Google account.
However, here’s the catch – you’re pinning all of your hopes of security on your Google account not being compromised. Let us promise you, that account is just as susceptible to hacking as any other. Instead, opt for a real password manager (we’ll talk about those shortly).
Two-Factor Authentication is important
If you’re a Gmail user, then you’re familiar with the concept of two-factor authentication. For those who aren’t, let’s refresh it briefly.
Two-factor authentication relies on you having your username and password, as well as another device, usually a smartphone. When you log into your account, the server automatically sends a security code to your device.
You input that code and are granted access. If you don’t enter the code, you’re blocked from the account.
So, unless your device has been spoofed (which is possible), your login credentials are pretty safe from attackers. Two-factor authentication can be added to WordPress websites with specific plugins (Two Factor and Two Factor SMS, for instance).
Be Educated about Phishing Attacks
While many accounts are compromised in what are called brute-force attacks, other methods convince you to hand your credentials over to attackers.
Called phishing, this practice generally involves email, but can also use other methods, including your phone. You might receive an email that appears to come from your credit card provider, saying that there’s an issue with your account and giving you a link to click to fix it. You click the link, arrive at a website, enter your credentials, and *boom* the attacker now has your username and password.
The link in the email didn’t take you to the credit card company’s website, but to a carefully designed fake created by hackers.
Secure Your Devices
Password management and security are not just about using the right password and changing it regularly. They also mean ensuring that your devices are free of malware, viruses, and other threats like keyloggers.
All of these can be used to steal your information from your device quickly and quietly. The same applies to your WordPress site – malware embedded in dangerous files could dramatically increase your risk. A malware scanner can help to reduce the chance of you falling victim to this.
Use Biometrics for Your Phone
Most website owners find that they eventually need to log into their site from their mobile device. That’s convenient, certainly. However, if you can do it, so can anyone who steals your phone (plus they get access to everything else stored on your phone and in connected accounts).
Make sure you use a fingerprint scanner to protect access to your phone.
Use a Password Manager
Good passwords are long, complex, and frequently changed. That makes them hard for you to remember, though. Using a password manager can simplify things a great deal.
Of course, you need to ensure that you’re using a reputable manager that offers state-of-the-art encryption to protect your data, or you might as well just hand over your credentials to attackers.
With these tips, you will be able to better manage passwords on your WordPress site and in the rest of your life. You should also be able to create stronger passwords that are more difficult to break, encouraging would-be attackers to seek easier prey.