Are your passwords safe?

We are all tired of having to remember complex passwords for every site we visit. Yet most of us know that it is import to use complex passwords that are hard to hack. With the recent attacks on Target, this has been brought to our attention again. So how can you be sure that your passwords are really safe?

SplashData has announced its annual list of the 25 most common passwords found on the Internet. (http://splashdata.com/press/worstpasswords2013.htm). The two most common passwords are 123456 and password. I assume you know those are not secure and should not be used for online transactions. but it’s not just passwords that cause a problem – its also user names, especially when logging into the administrative dashboard of your website. By default, most websites use the username of “admin”. Hackers know this, so they try to hack into your website with admin / 123456 or admin / password in order to steal credit card information and/or emails.

Occasionally, I get notices from hosting companies that say something like:

“Your website was recently under a brute force login attack. Unauthorized users were attempting to gain access to the administrative section of your site by attempting enormous amounts of logins to the wp-login.php page found on the site. To prevent their entry, and to lower the resource usage caused by these attempts on the server, we have blocked all external access to this page.”

Then when you try to login to your website, you get a message that you are not authorized to view the page. Another common problem with unsecure passwords is that hackers might inject malware into your website. This is often in the form of an iframe with a script that re-directs the visitor to another page, but can also give the hacker access to credit card data and emails stored on your website. It is extremely important that you use these simple rules for your passwords:

1. Use a complex password of at least 7 upper and lower case letters, plus numbers and at least one special character (!@#$%^&*).

2. Do not use the same password on multiple sites.

3. Keep your passwords safe – do not send them through email and do not store them in an un-encrypted file on your computer.

4. Change your passwords every 3 months.

While painful, it is not nearly as painful as having your identity stolen or your ecommerce website getting hacked.

One way to keep track of all your passwords is to use a password manager. You can pay a monthly fee to use one, but I recommend KeePass. KeePass is a free, open source, light-weight and easy-to-use password manager for Windows, Linux, Mac OS X and mobile devices. You can store your passwords in a highly-encrypted database, which is locked with one master password or key file. You must remember one complex password, which gives you access to all of your other passwords. But complex does not mean hard to remember; it could be a sentence, for example. You can get KeePass here: http://keepass.info/download.html