Strong, Easy Passwords

In many of the websites I build and maintain, I’m lately observing that hack violations are getting more frequent, and more sophisticated. A good secure password therefore, has become all the more important. The problem is how do I make a secure password that I will remember? This article will tell you how to do just that.

Why This is Important

It’s estimated that perhaps a third of all websites out there are now on the WordPress platform. And I expect this to increase quickly. Why? Because it’s an easy and robust program. Long gone is the necessity of learning “hard code”. However, WordPress has some very uniform administrative page addresses, for users, logins etc.) And these are an easy target for hackers.

I recently designed a website for a client, and within three days from domain acquisition to design and publish, it was already targeted by mostly out of country visitors (read, hackers).  Two months later, there have now been some 4,500 illegal attempts at guessing passwords for entry. Wow. If only the actual traffic was that good!

And, for your info, if your site is hacked, you will likely not know it. It’s not about changing your content. It’s about putting in their content, into a subdirectory that they create. Why? Because they use this to advertise their spam on your bandwidth. (Hint: how to know? Look for an unusual subdirectory off of the root that you didn’t create. Or a significant increase in bandwidth usage. Write me for other methods.)

The Anatomy of a Password, Numbers Version

First, let’s talk about what makes a good password and why. If your password were a single letter long, and lowercase, it could be guessed in twenty-six attempts (a through z). If the similar password were two letters long, it would require 676 guesses (26×26): twenty-six for the second, times each of the twenty-six first letters. And so on for three (17,576), four, and so on. Now, if you add numbers, it’s not twenty-six guesses, but thirty-six (plus 0 through 9), which results in 1,296 possibilities for a two-letter password. And adding numbers AND capitals (and lower case) to each digit raises that two-digit password to one out of 3,844 chances.

This is why good passwords must have a mix of lower case, upper case, numbers, AND special characters (@, #, $, %, etc.), which raises that two-digit password to one in about 8,500 — for a single two-digit password! Imagine longer. Like twenty characters longer. And now you have a strong password.

Ah, and don’t think that three ten-digit names gives you a thirty-character password; it’s closer to a three-digit one, as names and common words are pre-programmed to run through first. It really must be totally random for safety.

Make it Memorable

OK, so how do you make such a strong word memorable? It’s actually easy, and is the subject of this post. You begin with a meaningful (to you) phrase, for example: “The rain in Spain falls mainly on the plain.” Taking the first letter of each word (still memorable) would be “trisfmotp”. Capitalizing say every other word, or every third word might yield “TrIsFmOtP” — and now we’re getting there. With one final step, look at the password and see if you can substitute advanced characters for some of the letters — perhaps “Tr1sRm@tP”, substituting the number one for the first “I”, and the @ symbol for the O — 4.7 x 10^17 (ten times seventeen zeros) — all from a simple phrase.

It’s a Good Start

While that’s a good start, and incredibly hard to guess, their computer crunching power is beginning to get past these as well. WordPress will give suggested passwords for certain screens, and I just generated one as an example for this article: “nze2d*$WWU&!e9^%4oVisCxP” –Well, if the previous discussion wasn’t scary enough, a similarly generated password of mine was hacked this week. That’s sobriety for you.

So, how do you get fully there? For one thing, be diligent to check your files for unusual activity. For another, and to still keep it memorable, combine two phrases. Write me if you have questions.

Leave a Reply