Author: David Hoffman 8/7/2011
Safer password practices for you and your customers are important. Hackers can employ algorithms that are cunning enough to try combinations of your domain name, name, birthday, etc., along with the standard common numbers, colors, and words.
Example:
If my name were Eric Romero, an administrator at the Texas Bicycling Association, with an email of eric-romero@txbikes.org and a birthday of August 10, 1971, here are some example passwords that would be unsuitable, because they’d be cracked within seconds:
password, pass, pw, pass123, 123, abc, asdf, eric, romero, ericromero, eric81071, 08101971, august, 1971, erictxbikes, ericbikes, txbikes, test, biking, bicycle
Once hackers know that a password gets them logged in somewhere, they’ll try that same password everywhere there’s a login. This might gain them access to all your confidential customer data. Your customers might, at the very least, get more spam and junk mail. At worst: identity theft, lost revenue, website downtime, etc.
An example of a moderately safe password would instead be: reso1V@$
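As an added example (not code from the original post), here is a Python check a site could run when a user picks a password. It derives the personal tokens a guessing tool would combine (name parts, e-mail local part and domain label, birthday spellings) and rejects passwords built from them; the word list and the Eric Romero profile are constructed from the post's example.

```python
import re
from datetime import date

# Constructed word list modelled on the post's examples (a real deployment
# would use a much larger common-password list).
COMMON_WORDS = {"password", "pass", "pw", "123", "abc", "asdf", "test",
                "biking", "bicycle", "august"}

# Profile of the post's fictional administrator (constructed example data).
ERIC = ("Eric Romero", "eric-romero@txbikes.org", date(1971, 8, 10))


def profile_tokens(full_name, email, birthday):
    """Personal fragments a guessing tool would combine: name parts, e-mail
    local part and domain label, and several spellings of the birthday."""
    tokens = set(re.split(r"[\s\-]+", full_name.lower()))
    local, _, domain = email.lower().partition("@")
    tokens.update(re.split(r"[.\-_]+", local))
    tokens.add(domain.split(".")[0])              # "txbikes" from txbikes.org
    b = birthday
    tokens.update({
        b.strftime("%m%d%Y"),                     # 08101971
        f"{b.month}{b.day}{b.year % 100:02d}",    # 81071
        str(b.year),                              # 1971
        b.strftime("%B").lower(),                 # august
    })
    return {t for t in tokens if len(t) >= 2}


def is_weak(password, full_name, email, birthday, min_length=8):
    """Return a reason string if the password is weak, otherwise None."""
    if len(password) < min_length:
        return "too short"
    pw = password.lower()
    if pw in COMMON_WORDS:
        return "common word"
    # Strip every personal and common token, longest first; if almost nothing
    # is left, the password is just a combination of guessable pieces.
    remaining = pw
    for tok in sorted(profile_tokens(full_name, email, birthday) | COMMON_WORDS,
                      key=len, reverse=True):
        remaining = remaining.replace(tok, "")
    if len(remaining) <= 2:
        return "built from personal or common tokens"
    return None


def check_all(passwords, full_name, email, birthday):
    """Map each candidate password to its weakness reason (None = accepted)."""
    return {p: is_weak(p, full_name, email, birthday) for p in passwords}
```

Running `check_all(["eric81071", "erictxbikes", "08101971", "reso1V@$"], *ERIC)` rejects the first three and accepts only the post's stronger example.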
Password Best Practices:
A password checker will evaluate your password’s strength. Here is a good password checker to try.
We encourage you to change your email, database and admin passwords now, and we recommend that you change them every 6 months.