Protect Your Blog With a Solid Password

I’m not going to name names, but I heard recently of some WordPress bloggers who had their blog’s “broken into” not because of a vulnerability in the WordPress code, but because their passwords were easily guessed and used.

Is yours?

I vaguely remember a television court drama from a few years ago against a gun safe company, won because a locked gun safe was easily broken into by a child. The combination was very simple like a phone number, 123456 or 654321. For one of these bloggers, their password was their name spelled backwards. The other used the password “wordpress”. Is the password on your blog just as simple?

The most common passwords are:

  • Middle names
  • Names spelled backwards
  • Phone numbers
  • The word “password”
  • Birthdays
  • Single or combination uses of love, god, sex, and money, such as lovemoney or sexgod
  • qwerty
  • abc123
  • password1
  • asdf
  • car license
  • letmein
  • yourname1
  • default

According to Wikipedia’s explanation of Password Cracking, “Repeated research over some 40 years has demonstrated that around 40% of user-chosen passwords are readily guessable by programs.”

With all of the hype over security vulnerabilities and patches, virus scanning programs, firewalls, and protecting passwords and usernames, people are still really stupid when it comes to choosing and disclosing their usernames and passwords. Wired reported on a MySpace phishing attempt to gain access to usernames and passwords with these results: “MySpace estimates that more than 100,000 people fell for the attack before it was shut down.”

They also reported that “while 65 percent of passwords contain eight characters or less, 17 percent are made up of six characters or less. The average password is eight characters long.” The eight character limit has been trained into us as that was the longest the earliest software programs could handle. It’s not true anymore, but it’s a habit. Is your password eight or less characters long?

Roger Grimes of InfoWorld got some of the information on the MySpace debacle and reported:

*Almost 1 percent of users had the word “password” as, or as part of, their password. Not real clever.

*Words, colors, years, names, sports, hobbies, and music groups were very popular. FYI, your girlfriend or boyfriend’s name isn’t that uncommon in most cases. I, too, luv Brandi, Bob, or Joe.

*The color red was twice as likely to be used in a password as blue. No other colors came close in popularity percentage-wise. I guess “chartreuse” is a relatively safe password choice.

*Other popular words include: angel, baby, boy, girl, big, monkey, me, and the.

*Cuss words were very popular. Boy, there’s a lot of aggression out there.

*I was surprised about how many Christian-sounding — for example, “Ilovejesus” — log-on names were associated with the worst cuss words.

*Names of sports — golf, football, soccer, and so on — were as popular as professional sports teams and college team nicknames.

The strongest passwords are created with letters and numbers, or even with characters such as !@#$%*(). There are also a variety of free online programs that will help you create a complex and not easily broken password. Unfortunately, remembering such passwords is more challenging.

Door, photography by Brent VanFossen, copyright Brent VanFossen - not for public useRemembering such passwords for every password need you have, such as with your blog, email, web host, social networking services, social bookmarking services, blog registrations, software registrations, forums, chats, discussion groups…I don’t know about you, but I’m overwhelmed with passwords. I have a clipboard with 12 pages of all the passwords I’ve had with all the various online password accessed services for over the years! How can we remember all of these?

We can’t. Yes, there are now software and browser programs which will “remember” for us, but hit the road, borrow a computer away from home or office and that password program won’t help you then. Still, the passwords we use the most need a method to make them complex but memorable.

A popular technique is to work with acronyms based upon a favorite phrase of music, poetry, or quote, or a simple sentence. For example, “Oh, I just can’t wait to be king” from the Lion King could be abbreviated as:

  • OIJCWTBK
  • OiJcWtBk
  • OeyeJcW82bK
  • Oheyejustc8ntw82bking
  • kbtwcjio
  • 01j(W2bk
  • hiuaaoei (using the second letter of each word)
  • 01j(\/\/7B|Leet Speak Converter)

It also helps to not use the same password for everything you access. Some suggest using the name of the program or service within the password, spelled forwards or backwards or the first or last three or four letters, within their password.

Examples from above for a WordPress (WP) blog might be:

  • OIJCWPWTBK
  • WPOIJCWTBK
  • OIJCWTBKWP
  • OIJCWWordPressTBK
  • OIJCWTBKWordPress

You could easily replace WordPress or WP with ebay, myspace, flickr, or whatever title you need to remember which is which.

Years ago, a security expert told me that if any part of your password is in the dictionary, it can be hacked. The two keys to protecting your password is making it difficult for others to figure out, and don’t tell others. No matter how “honest” their request may appear. According to Yahoo’s Security Password Tips: A password is like a toothbrush: Choose a good one and don’t share it.

Some articles with good tips on creating respectable and fairly foolproof passwords are:


Lorelle VanFossen blogs about blogging and WordPress on .

Comments

  1. says

    Leet speak works for me. Like your Lion King analogy, it could be 01jcwtbk or such. That way, you can also use symbols like @ or !, or numbers, and still not forget as easily. Unfortunately, sometimes those passwords are not as secure as truly random strings of text/characters. I usually attach some characters of the site URL or title in my mnemonic.

  2. says

    I blogged about “managing my passwords” last month — and in the post, I quoted Justin Kistner’s method of systematic digital life management.

    We all can’t run away from memorizing passwords these days, huh? Every-freaking-thing we do online needs a password. I’d be delighted to chance upon sites that do not require you to register to enjoy the services/benefits :)

  3. says

    The problem with “strong” password is “one to many”: one user has many online services to mantain.

    Do you have a suggestion?

  4. says

    A suggestion on remembering or keeping track of all the m any passwords and user names? I’ve tried many online and desktop password keepers and the only truly successful method I’ve found is paper. I keep mine on printed forms I typed up with the site name, username, password, and any other info I need to “remember”. It “hides” in plain sight on my desk, on a clipboard. I just have to tear my desk apart to find it each time I need it. ;-)

  5. says

    If you are going to use multiple strong and complex passwords you can’t remember all of them and you definitely need a password manager.

    Using a password manager is not merely convenient, it’s an effective way to adopt better security practices without too much stress. It basically sums up to: 1) never re-use the same password, 2) use strong passwords.

    Software products are certainly an option, but you could also consider a web based solution.
    (Yes, I’m a tad biased …)

    Clipperz is an online password manager that can do much more than simply storing your passwords.
    – ubiquitous access
    – direct login to online services
    – offline version
    – bookmarklet for quick data entry
    – nothing to install or backup
    – …

    It’s free and completely anonymous.

    Clipperz lets you submit confidential information into your browser, but your data are locally encrypted by the browser itself before being uploaded.

    The key for the encryption process is a passphrase known only to you.
    Clipperz simply hosts your sensitive data in encrypted form and could never actually access the data in its plain form.

    For any further information refer to our website:
    http://www.clipperz.com.

    Marco
    Clipperz co-founder

Trackbacks

  1. […] The indispensable Lorelle at Word Press says that these are the most commonly used passwords! But she also writes at length about how to make your password more secure. With all of the hype over security vulnerabilities and patches, virus scanning programs, firewalls, and protecting passwords and usernames, people are still really stupid when it comes to choosing and disclosing their usernames and passwords. The strongest passwords are created with letters and numbers, or even with characters such as !@#$%*(). There are also a variety of free online programs that will help you create a complex and not easily broken password. Unfortunately, remembering such passwords is more challenging. […]

  2. […] Secure WordPress: Noupe wrote “WordPress Security Tips and Hacks” recently with a good round-up of tips on improving your WordPress blog security with sensible tips, techniques, and WordPress Plugins. Remember, the first step in blog security is a strong password. […]