Earlier this year, password manager app maker SplashData published its research into the worst passwords of 2015, highlighting the worst passwords being used across North America and Western Europe. The list contains some corkers; here’s the top 10:
I guess we all laugh at such stupid choices, but it’s the age-old problem: how do you remember your password? And as we use more and more online services that require passwords, how do we remember so many different ones?
As if our choices weren’t bad enough, as this ‘research’ on the Jimmy Kimmel Show reveals, it’s quite easy to get passwords from their owners…
But just as these people are ‘socially engineered’ into handing over their passwords on the streets of America, cyber criminals are doing the same to you every day. They might send you spam to trick you into handing over your account credentials (phishing), or spam you with software which installs tools on your computer to record your keystrokes (key logging) when you’re on your banking website. And that’s not all – they’ll brute-force your website login to try to guess your login and password details, or they’ll flood your website with traffic so that it crashes and becomes vulnerable to attack.
And if you’ve ever wondered why someone would try to hack into your website, just read this article from WordPress security firm Wordfence and you’ll see it’s not all about getting access to sensitive data like your customers’ account information…
So, what can you do to protect yourself?
- Choose a long (no less than 8 characters) password which is a mix of upper and lower case letters, numbers and special characters. Use a password generation tool like this one from Norton if you want to generate seemingly random strings.
- Use different passwords for your different services
- Don’t click on attachments from strangers without first checking that they’re genuine – and remember, your bank and HMRC don’t email you zip files or ask you to fill out forms to confirm your passwords
- Be careful what you use to remember your passwords, particularly if you use public computers – definitely don’t write them down, and do use ‘approved’ password lockers (e.g. Apple’s keychain or a commercial password manager)
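To make the first tip concrete, here is a generator and checker for that rule (at least 8 characters, mixing upper case, lower case, numbers and special characters). It is an example added to this post, not code from Norton's tool or any product mentioned here; the function names, the default length of 16 and the sample passwords are assumptions made for illustration.

```python
import secrets
import string

MIN_LENGTH = 8  # the minimum length stated in the tip above

# The four character classes the tip asks for.
CLASSES = {
    "upper": string.ascii_uppercase,
    "lower": string.ascii_lowercase,
    "digit": string.digits,
    "special": string.punctuation,
}


def missing_requirements(password):
    """Return the rules `password` fails; an empty list means it passes."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("length")
    for name, chars in CLASSES.items():
        if not any(c in chars for c in password):
            problems.append(name)
    return problems


def generate_password(length=16):
    """Return a random password that satisfies every rule above."""
    if length < MIN_LENGTH:
        raise ValueError(f"length must be at least {MIN_LENGTH}")
    alphabet = "".join(CLASSES.values())
    # Draw every character from the OS random source via `secrets` (not
    # `random`), and retry until all four classes appear. Retrying keeps each
    # position uniformly random instead of pinning one class to a fixed slot.
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if not missing_requirements(candidate):
            return candidate


if __name__ == "__main__":
    print("generated:", generate_password())
    # Constructed sample passwords, for illustration only.
    for sample in ("password", "Ab1!", "Blue7!Kettle"):
        print(sample, "->", missing_requirements(sample) or "meets the rule")
```

A password that passes this check can still be a poor one if it is reused across services, which is why the second tip matters just as much.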
What can you do to protect your WordPress website?
- Make sure your website is secure. Heed WordPress’s advice about login names and passwords and implement multi-factor authentication if possible; use the functionality of Jetpack to protect your site
- Make sure you keep backups for your site (I recommended a WordPress backup plugin in an earlier blog post)
- Keep your WordPress and plugin software up to date – they won’t necessarily be automatically updated
Keep safe out there – it’s a dog-eat-dog world when it comes to people trying to access your accounts. Use sensible passwords and you’ll be safe online.