Protect Your Blog With a Solid Password

May 8, 2007 | By Lorelle VanFossen | Filed Under Blogging, Features, Security

I’m not going to name names, but I heard recently of some WordPress bloggers who had their blogs “broken into” not because of a vulnerability in the WordPress code, but because their passwords were easily guessed and used.

Is yours?

I vaguely remember a television court drama from a few years ago against a gun safe company, won because a locked gun safe was easily broken into by a child. The combination was very simple, like a phone number, 123456, or 654321. For one of these bloggers, their password was their name spelled backwards. The other used the password “wordpress”. Is the password on your blog just as simple?

The most common passwords are:

According to Wikipedia’s explanation of Password Cracking, “Repeated research over some 40 years has demonstrated that around 40% of user-chosen passwords are readily guessable by programs.”

With all of the hype over security vulnerabilities and patches, virus scanning programs, firewalls, and protecting passwords and usernames, people are still really stupid when it comes to choosing and disclosing their usernames and passwords. Wired reported on a MySpace phishing attempt to gain access to usernames and passwords with these results: “MySpace estimates that more than 100,000 people fell for the attack before it was shut down.”

They also reported that “while 65 percent of passwords contain eight characters or less, 17 percent are made up of six characters or less. The average password is eight characters long.” The eight-character limit has been trained into us because that was the longest the earliest software programs could handle. It’s not true anymore, but it’s a habit. Is your password eight characters or fewer?

Roger Grimes of InfoWorld got some of the information on the MySpace debacle and reported:

* Almost 1 percent of users had the word “password” as, or as part of, their password. Not real clever.

* Words, colors, years, names, sports, hobbies, and music groups were very popular. FYI, your girlfriend or boyfriend’s name isn’t that uncommon in most cases. I, too, luv Brandi, Bob, or Joe.

* The color red was twice as likely to be used in a password as blue. No other colors came close in popularity percentage-wise. I guess “chartreuse” is a relatively safe password choice.

* Other popular words include: angel, baby, boy, girl, big, monkey, me, and the.

* Cuss words were very popular. Boy, there’s a lot of aggression out there.

* I was surprised about how many Christian-sounding — for example, “Ilovejesus” — log-on names were associated with the worst cuss words.

* Names of sports — golf, football, soccer, and so on — were as popular as professional sports teams and college team nicknames.

The strongest passwords are created with letters and numbers, or even with characters such as !@#$%*(). There are also a variety of free online programs that will help you create a complex and not easily broken password. Unfortunately, remembering such passwords is more challenging.

Remembering such passwords for every password need you have, such as with your blog, email, web host, social networking services, social bookmarking services, blog registrations, software registrations, forums, chats, discussion groups… I don’t know about you, but I’m overwhelmed with passwords. I have a clipboard with 12 pages of all the passwords I’ve had with all the various online password accessed services over the years! How can we remember all of these?

We can’t. Yes, there are now software and browser programs which will “remember” for us, but hit the road, borrow a computer away from home or office and that password program won’t help you then. Still, the passwords we use the most need a method to make them complex but memorable.

A popular technique is to work with acronyms based upon a favorite phrase of music, poetry, or quote, or a simple sentence. For example, “Oh, I just can’t wait to be king” from the Lion King could be abbreviated as:

It also helps to not use the same password for everything you access. Some suggest including the name of the program or service in the password, spelled forwards or backwards, or just its first or last three or four letters.

Examples from above for a WordPress (WP) blog might be:

You could easily replace WordPress or WP with ebay, myspace, flickr, or whatever title you need to remember which is which.

Years ago, a security expert told me that if any part of your password is in the dictionary, it can be hacked. The two keys to protecting your password are making it difficult for others to figure out and not telling it to others, no matter how “honest” their request may appear. According to Yahoo’s Security Password Tips: “A password is like a toothbrush: Choose a good one and don’t share it.”
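
To put these warnings to work, here is a small Python check, added as an example and not part of the original article or of WordPress itself. It flags the habits described above: eight characters or fewer, counting sequences like 123456, a password that is just your name or the site name forwards or backwards, and common words hidden behind leet-speak swaps. The function names, the short word list and the eight-character cutoff are assumptions made for the example.

```python
import re

# Constructed sample list: words this article names as popular in passwords.
# A real check would load a full dictionary or a breached-password list.
COMMON_WORDS = {"password", "angel", "baby", "boy", "girl", "big", "monkey",
                "red", "blue", "golf", "football", "soccer"}

# Undo the usual "leet speak" swaps so p@55w0rd is still seen as password.
LEET = str.maketrans("013457@$!", "oieastasi")


def has_digit_run(password, run=4):
    """True if the password holds `run` digits counting up or down by one."""
    for digits in re.findall(r"\d{%d,}" % run, password):
        for i in range(len(digits) - run + 1):
            window = digits[i:i + run]
            steps = {int(b) - int(a) for a, b in zip(window, window[1:])}
            if steps in ({1}, {-1}):
                return True
    return False


def weaknesses(password, username="", site=""):
    """Return the reasons a password is easy to guess (empty list if none)."""
    found = []
    if len(password) <= 8:  # assumed cutoff, from the eight-character habit
        found.append("eight characters or fewer")
    if has_digit_run(password):
        found.append("counting sequence like 123456 or 654321")
    plain = password.lower().translate(LEET)
    letters = re.sub(r"[^a-z]", "", plain)
    for label, value in (("username", username), ("site name", site)):
        name = re.sub(r"[^a-z]", "", value.lower())
        if name and letters in (name, name[::-1]):
            found.append(f"just the {label}, forwards or backwards")
    hits = sorted(word for word in COMMON_WORDS if word in plain)
    if hits:
        found.append("contains common word(s): " + ", ".join(hits))
    return found


if __name__ == "__main__":
    # Constructed sample passwords, not taken from any real account.
    for pw, user in (("ellerol", "Lorelle"), ("wordpress", "admin"),
                     ("P@55w0rd123456", "admin"), ("tq7#Lm2vXw9!", "admin")):
        print(pw, "->", weaknesses(pw, username=user, site="WordPress") or "ok")
```

An empty result only means none of these particular habits were spotted; it does not make a password strong.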

Some articles with good tips on creating respectable and fairly foolproof passwords are:


Lorelle VanFossen blogs about blogging and WordPress on .


About the author: The author of Lorelle on WordPress, as well as several other blogs, Lorelle VanFossen has been blogging in one fashion or another for over 14 years, covering travel, nature and travel photography, web design, web theory and development, blogging, and WordPress extensively as web technologies developed. Lorelle is also the author of the fast-selling book, Blogging Tips: What Bloggers Won't Tell You About Blogging, available in the new Blog Herald Bookstore. Lorelle will be speaking at WordCamp Dallas March 29-30, the Alliance for Distance Education in California Summit April 2-5, 2008, and the Successful and Outstanding Bloggers Conference May 2-5 in Chicago.



Comments

35 Responses to “Protect Your Blog With a Solid Password”

  1. engtech on May 8th, 2007 10:43 am

    Good tip for passwords. People *always* forget that their passwords are as secure as the weakest site where they use the same password.

  2. J. Angelo Racoma on May 8th, 2007 10:55 am

    Leet speak works for me. Like your Lion King analogy, it could be 01jcwtbk or such. That way, you can also use symbols like @ or !, or numbers, and still not forget as easily. Unfortunately, sometimes those passwords are not as secure as truly random strings of text/characters. I usually attach some characters of the site URL or title in my mnemonic.

  3. pelf on May 8th, 2007 11:50 am

    I blogged about “managing my passwords” last month — and in the post, I quoted Justin Kistner’s method of systematic digital life management.

    We all can’t run away from memorizing passwords these days, huh? Every-freaking-thing we do online needs a password. I’d be delighted to chance upon sites that do not require you to register to enjoy the services/benefits :)

  4. raimondo on May 8th, 2007 1:50 pm

    The problem with “strong” passwords is “one to many”: one user has many online services to maintain.

    Do you have a suggestion?

  5. I Can Guess Your Password. « Going Like Sixty on May 8th, 2007 4:33 pm

    […] The indispensable Lorelle at Word Press says that these are the most commonly used passwords! But she also writes at length about how to make your password more secure. With all of the hype over security vulnerabilities and patches, virus scanning programs, firewalls, and protecting passwords and usernames, people are still really stupid when it comes to choosing and disclosing their usernames and passwords. The strongest passwords are created with letters and numbers, or even with characters such as !@#$%*(). There are also a variety of free online programs that will help you create a complex and not easily broken password. Unfortunately, remembering such passwords is more challenging. […]

  6. Lorelle VanFossen on May 8th, 2007 5:40 pm

    A suggestion on remembering or keeping track of all the many passwords and user names? I’ve tried many online and desktop password keepers and the only truly successful method I’ve found is paper. I keep mine on printed forms I typed up with the site name, username, password, and any other info I need to “remember”. It “hides” in plain sight on my desk, on a clipboard. I just have to tear my desk apart to find it each time I need it. ;-)

  7. Passwords on May 9th, 2007 1:59 am

    […] The Blog Herald recently put up a quite solid post about Passwords […]

  8. Why You Should Choose A Secure Password on May 9th, 2007 10:08 am

    […] SecurityStats.com password strength tester Blog Herald article on choosing blog passwords […]

  9. Politics in the Zeros_archi »Blog Archive » Choose your passwords well on May 9th, 2007 11:08 pm

    […] Blog Herald has an excellent piece on how to choose a strong password, with lots of references and links. Good stuff. […]

  10. Marco on May 10th, 2007 3:13 am

    If you are going to use multiple strong and complex passwords you can’t remember all of them and you definitely need a password manager.

    Using a password manager is not merely convenient, it’s an effective way to adopt better security practices without too much stress. It basically sums up to: 1) never re-use the same password, 2) use strong passwords.

    Software products are certainly an option, but you could also consider a web based solution.
    (Yes, I’m a tad biased …)

    Clipperz is an online password manager that can do much more than simply storing your passwords.
    - ubiquitous access
    - direct login to online services
    - offline version
    - bookmarklet for quick data entry
    - nothing to install or backup
    - …

    It’s free and completely anonymous.

    Clipperz lets you submit confidential information into your browser, but your data are locally encrypted by the browser itself before being uploaded.

    The key for the encryption process is a passphrase known only to you.
    Clipperz simply hosts your sensitive data in encrypted form and could never actually access the data in its plain form.

    For any further information refer to our website:
    http://www.clipperz.com.

    Marco
    Clipperz co-founder

  11. Jim on May 14th, 2007 10:28 pm

    I always like to use a combination of word + number + symbols if allowed.

  12. Web Browser Guide: Scams, Hoaxes, Rumor Mills, and Online Trash - Check the Facts : The Blog Herald on June 7th, 2007 5:57 pm

    […] would think that people would learn. MySpace bloggers were invited to share their passwords and usernames with a criminal phishing blog. About 100,000 people participated before MySpace shut them […]

  13. Why a strong password? on June 12th, 2007 8:04 am

    […] Protect Your Blog (or anything else) With a Solid Password […]

  14. How strong is your password? | Dissociated Press on June 12th, 2007 3:02 pm

    […] article on The Blog Herald discusses common problems with user-generated passwords, specifically that they’re too easy to guess. According to the article, users often choose […]

  15. Reflections » Blog Archive » Don’t Choose Stupid Passwords on June 14th, 2007 1:35 am

    […] and Notes Don’t Choose Stupid Passwords Lorelle VanFossen has a helpful article on how to choose a good password, along with a few tips about how to remember all those passwords. Comments(0)Copyright and […]

  16. What's your PaSsWoRd? - John Baker’s Blog on June 19th, 2007 5:25 am

    […] 19, 2007 in asides, blogging, quotations, computers Lorelle VanFossen, writing in The Blog Herald, has a list of the most commonly used […]

  17. The FreeColorPrinters Blog » Blog Archive » The Power of Passwords on July 18th, 2007 11:50 am

    […] “Protect Your Blog With a Solid Password” at Blog Herald (Great tips, and not just for blogs!) […]

  18. Protecting Your WordPress Blog « Lorelle on WordPress on September 10th, 2007 11:03 am

    […] Do not use a simple password like your name or the word “password”. Use a complicated and strong password. […]

  19. What is Hard About the Hard Work of Blogging? : The Blog Herald on October 14th, 2007 7:23 pm

    […] is always a concern for bloggers, as I reminded everyone when I asked them to update or change the passwords on their blogs to ensure they are not easily broken or […]

  20. Internet Ad Profiling Coming To a Wallet Near You : The Blog Herald on February 15th, 2008 1:19 pm

    […] might be really handing over the keys to your personal life in the process. In an article last year on protecting your blog password and security access, I reported on the MySpace phishing attempt in which more than 100,000 people gave away their […]

  21. Wordpress Security Tips and Hacks on February 17th, 2008 6:13 pm

    […] you might check lorelle’s article on blogherald called Protect Your Blog With a Solid Password, offering tips and tricks to help create a strong password that is also memorable, and how to deal […]

  22. WordPress Wednesday News: WordPress 2.5 News, Colleges and Schools Love WordPressMU, Viddler Meets WordPress, Theme Buyers Beware, Columns in Blog Posts, Feeds Without Plugins : The Blog Herald on February 20th, 2008 10:56 pm

    […] Secure WordPress: Noupe wrote “WordPress Security Tips and Hacks” recently with a good round-up of tips on improving your WordPress blog security with sensible tips, techniques, and WordPress Plugins. Remember, the first step in blog security is a strong password. […]

  23. 10 Medidas de Segurança a Implementar no Seu Blog Wordpress | WordPress-PT on February 21st, 2008 9:49 am

    […] also Lorelle’s article on Blogherald, Protect Your Blog With a Solid Password, which gives tips and tricks for creating a complex, easy-to-remember password, as well as discussing […]

  24. 10 medidas de segurança para o Wordpress on February 21st, 2008 4:20 pm

    […] also Lorelle’s article on Blogherald, Protect Your Blog With a Solid Password, which gives tips and tricks for creating a complex, easy-to-remember password, as well as discussing […]

  25. MB TechCenter - Desarrollo web, Tutoriales, Recursos y mas.. on February 24th, 2008 1:29 pm

    […] you might check lorelle’s article on blogherald called Protect Your Blog With a Solid Password, offering tips and tricks to help create a strong password that is also memorable, and how to deal […]

  26. 10 Medidas de Segurança para seu Blog Wordpress | Gulp - Desenvolvimento e diversão (youtube, orkut bloqueado, bbb7, videos, revistas gratis, camera escondida, sites bloqueados ...) on February 28th, 2008 7:34 pm

    […] also Lorelle’s article on Blogherald, Protect Your Blog With a Solid Password, which gives tips and tricks for creating a complex, easy-to-remember password, as well as further discussing […]

  27. Fighting Blog Hacks: Preventing And Eliminating Intruders | Lost Art Of Blogging on March 6th, 2008 1:06 pm

    […] Oh and more thing: please use a decent password! If you feel unsure on how to pick a secure password, check out this excellent article by Lorelle. […]

  28.   10 medidas de segurança para seu blog em Wordpress TeclaF1 on March 21st, 2008 6:07 pm

    […] also Lorelle’s article on Blogherald, Protect Your Blog With a Solid Password, which gives tips and tricks for creating a complex, easy-to-remember password, as well as discussing […]

  29. Protect Wordpress From Hackers Safe wp-admin folder | Index Blog on April 9th, 2008 8:36 pm

    […] strength checker that you could check.Also you might check lorelle’s article on blogherald called Protect Your Blog With a Solid Password, offering tips and tricks to help create a strong password that is also memorable, and how to deal […]

  30. Security Tips and Guidelines for Your Wordpress Blog | on April 18th, 2008 12:44 am

    […] you might check lorelle’s article on blogherald called Protect Your Blog With a Solid Password, offering tips and tricks to help create a strong password that is also memorable, and how to deal […]

  31. BlogLabs » Blog Archive » 10 Medidas de Segurança a Implementar no Seu Blog Wordpress on April 21st, 2008 8:31 pm

    […] also Lorelle’s article on Blogherald, Protect Your Blog With a Solid Password, which gives tips and tricks for creating a complex, easy-to-remember password, as well as […]

  32. WordPress Wednesday News: WordCamps Everywhere, Webware 100 Again, Plugins to Fix WordPress 2.5, Change Admin Colors, and More : The Blog Herald on April 23rd, 2008 5:50 pm

    […] several times in a week…” His recommendations: Update WordPress. Use common sense. Use strong passwords. Be […]

  33. WordPress Security Prevention, Reactions, and Scares « Lorelle on WordPress on April 28th, 2008 5:15 am

    […] security threats” to WordPress. His recommendations: Update WordPress. Use common sense. Use strong passwords. Be […]

  34. How to make your blog safe? | Life is simple! Don't make it complicated on April 28th, 2008 8:45 pm

    […] strong password for your wordpress […]

  35. Marulz Blog » Blog Arşivi » Lorelle on WP: WordPress Security Prevention, Reactions, and Scares on May 13th, 2008 10:36 am

    […] security threats” to WordPress. His recommendations: Update WordPress. Use common sense. Use strong passwords. Be […]

Copyright © 2003 - 2008 by The Blog Herald - All Rights Reserved