6th October 2020
Password security is essential. So when I configure a website for a client, rest assured that I will give you a complicated password. It will include upper and lower case, numbers, special characters and normally more than once.
This doesn’t always go down so well: I get moaned at, or requested it is changed to a simpler or one that the customers uses everywhere else. I say no.
So if you do find yourself in this situation, where I dig my heels in, these are my reasons:
If you have any type of security software on your website, you may get an email alerting that someone has tried (and failed) to get into the back of your website.
Now I should explain these logins aren’t people, they are mainly automated bots. Basically little programs that try to guess your user’s passwords. They would like nothing more than to get into the back of your website, look for vulnerable code or outdated software. If they do, they will unleash total mayhem.
More can be read about failed logins here
The record I have seen for the most automated logins in one day is around the 600 mark. Please do comment below if you can beat that.
I have had to clean up a few hacked websites, everything from rogue files sending out phishing emails to redirects to spammy /malicious websites. It is a very long, tiresome and expensive process.
The few times I have had to undergo this arduous task, I have no doubt that the client would rather have put the money to better use. It is also quite stressful and has me looking over my shoulder for some time afterwards.
I pride myself on the quality of my work and going by the nearly 20 years I have been up and running, my customers agree. If a client’s site was hacked, that would reflect badly on me. If it happened often, then no doubt my reputation would go down. Not on my watch.
Depending on how quickly it is detected, if your website keeps getting hacked, then in turn you may get a reputation with your customers: “Oh X’s website is down yet again.” This can be offputting and can result in your customers going elsewhere.
Although these constant logins will not effect your website performance they can slow it down considerably.
So all in all, I would rather be moaned at a bit for choosing a long and complicated password than all of the above.
As a basic security measure, you should have a strong password, but you should also:
Just one last thing: If you are going to write your passwords down store them securely. For added security, invest in password software.