Your website is only as secure as your password
Security of information is a huge issue these days and one that companies need to take very seriously. We have all seen the news headlines about large companies getting hacked and having to put out public apologies for losing customers' details: HM Revenue & Customs, TalkTalk and Sony PlayStation Network, to name but a few. Companies of this size spend millions of pounds each year working with data security experts to try to ensure their data is safe.
Security is not just for huge multinational companies; anyone hosting a website for their business or organisation needs to consider the security of that website.
We are often asked “Why would anyone hack my website?” and the answer is that even the smallest website that contains no customer data or apparent value to a hacker still serves a purpose. Most hacks that occur are not to steal data but to use your web server to relay spam, set up a temporary way of serving illegal files or to distribute viruses to your users with further ill intent. There are millions of small websites out there, often poorly secured.
Infecting all your customers’ PCs aside, a website that has been compromised tends to be black-listed very quickly these days, resulting in customers being warned not to access your website by their security software, browsers or search engines. This is obviously a huge issue if you use your website to convey important information to customers, provide users with a service or gain new business.
We spend a lot of time trying to keep our customers' websites as secure as we can, from our selection of hosting providers to keeping the software up to date and monitoring hack attempts. By far the most common hack attempts come from hackers or automated scripts attempting to guess the site's password. This means that, for all the security measures we put in place, your site is only ever as secure as the password you set up (without limiting how and where you access your own site*).
So Annabelle from Annabelle’s Flower Emporium with the username ‘Annabelle’ and the password ‘flowers’ does not make for a secure website (don’t worry though, we have advised her to change this as a matter of urgency). Here are the recommendations for creating a secure password:
- Do not use easily guessed information such as your birth date, phone number, company name, pet’s name, user name, etc.
- It must be at least 8 characters long (we tend to use 16).
- It shouldn’t contain words found in the dictionary.
- It should use a mixture of upper and lower case letters, numbers and special characters such as @#$%^&.
- Never use ordered numbers such as ‘1234’.
- Always use a different password per service (don’t use the same password for your Amazon, Outlook, PayPal, etc.).
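The recommendations above expressed as a checker, as an added example that is not part of the original article; the function names, the sample word list, the set of special characters and the four-digit run length are assumptions. The one-password-per-service rule cannot be tested from a single password and is left out.

```python
# Constructed sample word list; a real check would load a full dictionary file.
SAMPLE_WORDS = {"flowers", "password", "welcome", "dragon", "emporium"}
# Assumed set of special characters (the article lists @#$%^& as examples).
SPECIALS = set("@#$%^&!?*-_+=.,;:")

def has_ordered_run(pw, length=4):
    """True if pw contains `length` consecutive ascending or descending digits."""
    for i in range(len(pw) - length + 1):
        chunk = pw[i:i + length]
        if chunk.isascii() and chunk.isdigit():
            steps = {int(b) - int(a) for a, b in zip(chunk, chunk[1:])}
            if steps in ({1}, {-1}):
                return True
    return False

def check_password(pw, personal_info=(), words=SAMPLE_WORDS, min_len=8):
    """Return the list of recommendations that pw breaks (empty list = passes)."""
    problems = []
    lower = pw.lower()
    if len(pw) < min_len:
        problems.append("too short")
    # User name, company name, pet's name, etc. supplied by the caller.
    if any(item and item.lower() in lower for item in personal_info):
        problems.append("contains personal info")
    if any(w in lower for w in words if len(w) >= 4):
        problems.append("contains dictionary word")
    classes = [
        any(c.islower() for c in pw),
        any(c.isupper() for c in pw),
        any(c.isdigit() for c in pw),
        any(c in SPECIALS for c in pw),
    ]
    if not all(classes):
        problems.append("missing character class")
    if has_ordered_run(pw):
        problems.append("ordered numbers")
    return problems

if __name__ == "__main__":
    # Constructed inputs, including the 'Annabelle' / 'flowers' pair from the text.
    for candidate in ("flowers", "Annabelle1234!", "tG7#qL2&vX9@mR4^"):
        print(candidate, "->", check_password(candidate, ["Annabelle"]) or "ok")
```

Passing these checks does not make a password strong on its own; it only rules out the specific weaknesses the list names.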
Remembering secure passwords like this is not something that comes easily – especially when we use so many different services that require them. Luckily there are ways to make this easier. The makeuseof article listed below contains some excellent ideas for creating passwords that are both secure and memorable. Alternatively, you can entrust your passwords to a password manager such as Dashlane, which will remember all your passwords for you along with a host of other neat tricks.
Lastly, although this article focuses on keeping your website secure, the exact same rule applies to every password you use to protect your data: email account, online banking/PayPal, or accounting or CRM systems, to name but a few.
If you would like more information on our services regarding website security, especially WordPress-based sites, please give us a call on 01392 691900. For all current clients we offer competitive web maintenance support which includes tailored cyber security advice on how to keep your website safe.
Tech World – The UK’s 11 most infamous data breaches 2015
makeuseof – 7 Ways To Make Up Passwords That Are Both Secure & Memorable
Dashlane – Password manager software
dinopass – Our favourite online password generator (This may be aimed at kids but we love it!)
*There are more secure ways to limit access to your website but these are often limiting to the average user. This article focuses on general access to an admin interface using a username and password.