Password Security: Why Mine are Complicated

6th October 2020

Password security is essential. So when I configure a website for you as a client, rest assured that I will give you a complicated password. It will include upper and lower case letters, numbers and special characters, normally more than one of each.

This doesn’t always go down so well: I get moaned at, or asked to change it to a simpler one or to one that the customer uses everywhere else. I say no.

So if you do find yourself in this situation, where I dig my heels in, these are my reasons:

Unauthorised logins on websites happen – a lot

If you have any type of security software on your website, you may get an email alerting you that someone has tried (and failed) to get into the back end of your website.

Now I should explain that these logins aren’t people; they are mainly automated bots: little programs that try to guess your users’ passwords. They would like nothing more than to get into the back end of your website and look for vulnerable code or outdated software. If they do, they will unleash total mayhem.

More can be read about failed logins here

The record I have seen for the most automated logins in one day is around the 600 mark. Please do comment below if you can beat that.

Cleaning up hacked websites is just horrible

I have had to clean up a few hacked websites, with everything from rogue files sending out phishing emails to redirects to spammy or malicious websites. It is a very long, tiresome and expensive process.

The few times I have had to undergo this arduous task, I have no doubt that the client would rather have put the money to better use. It is also quite stressful and has me looking over my shoulder for some time afterwards.

I would not be a very good (or professional) web designer

I pride myself on the quality of my work and, going by the nearly 20 years I have been up and running, my customers agree. If a client’s site was hacked, that would reflect badly on me. If it happened often, then no doubt my reputation would go down. Not on my watch.

It doesn’t reflect well on the customer

Depending on how quickly it is detected, if your website keeps getting hacked, then in turn you may get a reputation with your customers: “Oh, X’s website is down yet again.” This can be off-putting and can result in your customers going elsewhere.

Although these constant logins will not affect your website performance, they can slow it down considerably.

Conclusion

So all in all, I would rather be moaned at a bit for choosing a long and complicated password than all of the above.

As a basic security measure, you should have a strong password, but you should also:

  • Include security and firewall software on your website. This should also provide an activity log that flags unauthorised behaviour. It can also block or blacklist the culprits.
  • Install an SSL (Secure Sockets Layer) certificate. This encrypts any transmission between the browser and your website, preventing your credentials from being discovered by the wrong eyes.
  • Consider 2 factor authentication (2FA). Not only do you log into your login page, you also have to provide a code. This is provided either by text or by a phone app that creates a random code.

Just one last thing: if you are going to write your passwords down, store them securely. For added security, invest in password software.


© 2000-2020 DVH Design. All rights reserved.