Passwords provide the first line of defense against unauthorized access to your computer. The stronger your password, the more protected your website or server will be from hackers and malicious software.
You should always keep your Woktron Client Account, DirectAdmin, and E-mail passwords secure, as well as any CMS such as Joomla or WordPress. Anything that's publicly accessible on the Internet should be using a strong password for your security.
To an attacker, a strong password should appear to be a random string of characters. The following criteria can help your passwords do so:
Each character that you add to your password increases the protection that it provides many times over. Your passwords should be 8 or more characters in length with 15 characters or longer as ideal.
The fewer types of characters in your password, the longer it must be. A 15-character password composed only of random letters and numbers is about 33,000 times stronger than an 8-character password composed of characters from the entire keyboard. If you cannot create a password that contains symbols, you need to make it considerably longer to get the same degree of protection. An ideal password combines both length and different types of symbols. Many systems also support use of the space bar in passwords.
Include numbers, capital letters and symbols.
The greater variety of characters that you have in your password, the harder it is to guess.
Consider using a password manager.
Programs such as KeePass (Windows and Linux) let you create a different very strong password for each of your sites. But you only have to remember a single master password to access the program that stores your passwords for you.
Use more than one password everywhere.
If any one of the computers or online systems using this password is compromised, all of your other information protected by that password should be considered compromised as well. It is critical to use different passwords for different systems.
Password strategies to avoid
Do not create a password that is a Dictionary Word or a combination of Dictionary Words
If it’s in the dictionary, there is a chance someone will guess it. There’s even software that criminals use that can guess words used in dictionaries.
Don’t post it in plain sight.
This might seem obvious but studies have found that a lot of people post their password on their monitor with a sticky note. Bad idea. If you must write it down, hide the note somewhere where no one can find it.
Some common methods used to create passwords are easy to guess by criminals. To avoid weak, easy-to-guess passwords:
Never reveal your password to anyone.
Never give it to friends, even if they’re really good friends. A friend can – maybe even accidentally – pass your password along to others or even become an ex-friend and abuse it.
Don’t just use one password.
It’s possible that someone working at a site where you use that password could pass it on or use it to break into your accounts at other sites.
Avoid sequences or repeated characters.
"12345678," "222222," "abcdefg," or adjacent letters on your keyboard do not help make secure passwords.
Avoid using only look-alike substitutions of numbers or symbols.
Criminals and other malicious users who know enough to try and crack your password will not be fooled by common look-alike replacements, such as to replace an 'i' with a '1' or an 'a' with '@' as in "M1cr0$0ft" or "P@ssw0rd". But these substitutions can be effective when combined with other measures, such as length, misspellings, or variations in case, to improve the strength of your password.
Avoid your login name.
Any part of your name, birthday, social security number, or similar information for your loved ones constitutes a bad password choice. This is one of the first things criminals will try.
Don’t Rely on Obvious Substitutions.
Don’t use common substitutions, either — for example, “H0use” isn’t strong just because you’ve replaced an o with a 0. That’s just obvious.
Don’t fall for “phishing” attacks.
Be very careful before clicking on a link (even if it appears to be from a legitimate site) asking you to log in, change your password or provide any other personal information. It might be legit or it might be a “phishing” scam where the information you enter goes to a hacker. When in doubt, log on manually by typing what you know to be the site’s URL into your browser window.
Avoid using online storage.
If malicious users find these passwords stored online or on a networked computer, they have access to all your information.
How are passwords cracked?
Most accounts that have their passwords compromised are not done so by another human being directly.
Instead a computer will be tasked with guessing your password, so planning should go in to understanding and then deterring a computer from cracking your password.
A hacker has a variety of malicious tactics available to them when trying to crack your password. These would be the two most common attacks you see on the Internet today:
- Brute Force Attacks are accomplished by sheer brute force, with the attacker using a script to continually try to login to your account, trying all sorts of characters in different combinations till they break in.
- Dictionary Attacks are similiar in nature to brute force attacks, the main difference is that the attacker uses a dictionary of words rather than a set of characters to try to break into your account again and again.