The Importance of Password Security


We need so many login credentials for our various accounts – email, phone apps, websites for our credit cards, insurance companies, online software tools, and more – it can be tempting to take password security too lightly in our efforts to simplify our lives. We might….

  1. Use the same password for multiple accounts.
  2. Or always incorporate our kids’ names or birthdays.
  3. Or, say, have spent a bunch of time creating a beautiful website for our business, Rosie’s Visual Arts School. And because we have to sign into the site frequently to update the schedule of art classes we offer, we enter RosiesArt1975 as the password.

These are very bad ideas. Why?

  1. You leave yourself vulnerable to credential stuffing.
  2. Easy to guess, plus you’re putting your family’s personal information out there.
  3. Do we really have to spell this out for you?

What’s at Stake if Your Passwords Are Weak

Have you ever had a credit or debit card number stolen? Most people we know have had this experience at least once. It’s a pain, but it’s not that hard to resolve. You call the bank or card company. They cancel your card and reverse the charges that weren’t yours. The worst of it is waiting for your new card to come in the mail.

Now imagine ALL your numbers are stolen. And not just all your credit cards. Someone’s got your….

  • Bank account numbers
  • Driver’s license number
  • Passport number
  • Insurance policy numbers
  • Maybe even your social security number

And not just all your numbers. Think about all the other personal information and details you keep digitally. 

Do you want them to be able to get into your apps and know your favorite Starbucks order? 

Or have access to all the photos you store on your device or in the cloud?

NOPE.

So, we must stop taking password security so lightly! Here’s what to do instead.   

Secure your Passwords with a Password Manager

Browser-based and other autofill options, like those on Google and Firefox, are problematic and not a good way to ensure password security. Plus, their default settings are to remember your passwords for you. To get browsers to stop doing it altogether, you have to change the option in your browser settings.

Using a password manager such as Bitwarden, LastPass, or 1Password is a much better option for keeping your passwords secure.

The Benefits of a Password Manager

You only need to remember one master password to rule them all, and you can easily create stronger passwords (we’re coming to that in a second), unique to each of your accounts. You can come up with secure passwords or phrases on your own, or the password managers will generate strong passwords for you.

Additional benefits include being able to store other information in these vaults. They typically allow you to also store all the other account numbers we mentioned above, like bank accounts, as well as providing a place to secure written notes of any kind.

Plus, password managers allow you to control certain aspects of the passwords they generate for you. For example, you can specify the number of characters or the number of special characters (e.g., $ { # @) you want your password to include.
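To show what those generator settings do, here is an added example (not code from any of the password managers named above) that builds a password with a chosen length and a chosen number of special characters and digits. The function names, the symbol set and the defaults are assumptions made for illustration.

```python
import math
import secrets
import string

# Assumed symbol set for this sketch; each password manager offers its own.
SPECIALS = "$!{}#@%^&*-_"


def generate_password(length=20, specials=4, digits=2):
    """Return a random password with exactly `specials` symbols and `digits` digits."""
    if length < 12:
        raise ValueError("use at least 12 characters")
    if specials + digits > length:
        raise ValueError("specials + digits cannot exceed length")
    # secrets draws from the operating system's CSPRNG, unlike random.choice().
    chars = [secrets.choice(SPECIALS) for _ in range(specials)]
    chars += [secrets.choice(string.digits) for _ in range(digits)]
    chars += [secrets.choice(string.ascii_letters)
              for _ in range(length - specials - digits)]
    # Shuffle so the required symbols and digits do not sit at fixed positions.
    secrets.SystemRandom().shuffle(chars)
    return "".join(chars)


def entropy_bits(length=20, specials=4, digits=2):
    """Bits of entropy for the scheme above: positions times character choices."""
    letters = length - specials - digits
    arrangements = math.comb(length, specials) * math.comb(length - specials, digits)
    return (math.log2(arrangements)
            + specials * math.log2(len(SPECIALS))
            + digits * math.log2(len(string.digits))
            + letters * math.log2(len(string.ascii_letters)))


if __name__ == "__main__":
    print(generate_password())
    print(f"about {entropy_bits():.0f} bits of entropy")
```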

If you aren’t already using a password manager, get one now. There are a few free choices, and premium options may be well worth $3-10 a month to keep your life secure. If you need help getting started, read what Forbes magazine has to say about your best picks for password security.

Can I Achieve Password Security without Tech?

That is, can you go analog and keep your passwords in a password book?

Well, yes…

Yet…maybe not.

Okay, perhaps you don’t fully trust a third party to keep your passwords secure. We understand, especially in light of some recent news of security breaches.

So, you decide you can just keep your passwords written down in a password book or journal. That’s possibly better than nothing if it allows you to create strong, unique passwords for each of your accounts.

But if you keep it at home, what could happen if someone broke in? Or if a contractor comes across it while they’re in your house installing a new light switch?

At the very least, you’d have to keep it locked up when you’re not using it. And if you travel or meet with clients outside of your office, it’s probably a bad idea.

Create Secure Passwords That Are Long and Complex

The next way to establish password security is to make your passwords long and complex.

Remember RosiesArt1975 from earlier? It’s long enough at 13 characters, but it’s too easy to guess – especially if Rosie was born in 1975.

In addition, it lacks complexity. Two words – and words that hackers have clues to, at that – and a 4-digit number is way too simple for a secure password.

One route you can go to create secure passwords is to use a passphrase – which is easier to remember than 12+ random characters. But you also have to get creative about it.
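The weakness described above can be checked automatically when a password is chosen. This added example (not from the original post) measures how much of a password is made of words and numbers already tied to the account owner; the function names, the context list and the 0.5 threshold are assumptions for illustration.

```python
import re

# Constructed sample: details anyone could learn about Rosie's business.
ROSIE_CONTEXT = ["Rosie's Visual Arts School", "art classes", "born 1975"]


def context_tokens(context):
    """Split context strings into lowercase words and numbers of 3+ characters."""
    tokens = set()
    for item in context:
        for tok in re.findall(r"[a-z]+|\d+", item.lower()):
            if len(tok) >= 3:
                tokens.add(tok)
    return tokens


def guessable_fraction(password, context):
    """Fraction of the password's characters covered by context tokens."""
    pw = password.lower()
    if not pw:
        return 1.0
    covered = [False] * len(pw)
    for tok in context_tokens(context):
        start = pw.find(tok)
        while start != -1:
            for i in range(start, start + len(tok)):
                covered[i] = True
            start = pw.find(tok, start + 1)
    return sum(covered) / len(pw)


def is_too_guessable(password, context, threshold=0.5):
    """Reject passwords that are mostly built from known personal details."""
    return guessable_fraction(password, context) >= threshold


if __name__ == "__main__":
    # "rosie", "art" and "1975" cover 12 of 13 characters.
    print(guessable_fraction("RosiesArt1975", ROSIE_CONTEXT))
    print(is_too_guessable("RosiesArt1975", ROSIE_CONTEXT))
```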

An Example of a Secure Passphrase

A passphrase is what it sounds like: Instead of a word, you use part of a sentence.

Ideally, the phrases you select are something a little nonsensical, a bit unexpected, or an “inside joke” in the first place. 

And then, you embellish them even further with numbers and special characters. Here’s an example to help explain.

The mom of one of our team members designated “Figgy Fizz” as the family safe or code word because said team member and her cousin thought the name of Bert’s favorite soda was hilarious.

She might massage the passphrase Figgy Fizz into a secure password like this:

f1GG-E-F1zz_$oda

Get the idea? It might look almost random to someone else. But the person who’d end up in stitches of laughter every time someone said “Figgy Fizz” could probably remember this password. 

This can be a helpful strategy for securing passwords for accounts you must remember on your own rather than rely on a password manager. 

Set Up Two-Factor Verification

Two-factor verification – or 2FA – means you need to use two pieces of information to access an account – your password plus something else. Doubling the factors required to access your account doesn’t just double your security. Due to the nature of the options for the second piece of information, the extra security is exponential.

Hey, guess what! We wrote an entire post on this subject, including how to set it up for your WordPress website. If you haven’t already set this up for your site, pop over to that post and do it.  

(We meant NOW. If you’re still here, you better have that set up already. HERE is that link again. Don’t make us come in there.)

A Bonus Tidbit on 2FA

A universal 2nd factor (U2F) security key, like YubiKey, can provide even greater security. It’s an option for the 2 in 2FA that’s designed expressly for that purpose. Plus, most of these devices cost between $20 and $50. A pretty small expense for keeping your passwords secure – and thereby keeping your life and your business secure.

At the End of the Day

We get it. Tech just might not be your thing. Although managing all your passwords for you is one of the (few!) things we can’t do for you, we’re really good at internet and marketing tech that you might like to get off your plate. Get in touch with us and learn how we can make your digital life easier.
