Thousands, even millions of accounts are getting hacked every day across different platforms. While some of them are compromised as a result of website breaches or elaborate social engineering attacks, many accounts simply use a weak password. It doesn’t take much to guess a weak password, especially if a particular website does not have protection against multiple login attempts.

In this article, we will have a look at passwords – how to choose a strong one and what mistakes to avoid. Keeping your domain names, website content and emails safe is crucial, especially if you run an online business – losing any of these services can put your entire business at stake.

Why do you need a strong password?

Stolen credentials and brute force attacks are among the most common attack vectors, according to the 2021 Data Breach Investigations Report by Verizon.

A password is the most basic, yet the strongest authentication option. With very few exceptions (biometric login, for example), entering the correct password is the only way to access an account. This is why the stronger the password, the better the security and the harder it is for an unauthorized party to access your account.

As more and more services are available online, security has become quite important. Your bank account and credit card information, personal data, personal and business correspondence, domain names, bills, etc., are all accessible online. Of course, it is recommended to use any additional security measures that a given provider supports, such as adding 2-factor authentication. Not all providers offer such options, though. If you use a simple password, you have to rely solely on the provider to protect your account from a brute force attack where a third-party will simply try lots of character combinations until they guess your password. This is why you should do everything that depends on you to protect your account, including choosing a strong password.

Six common mistakes to avoid

When it comes to passwords, people often choose something they will remember easily. Making things easy is usually not a good idea. If it will be easy for you, it will probably be easy for anybody else. Check out the common mistakes we have listed below and make sure you avoid them.

  • Do not use the same password for multiple accounts. This is one of the biggest mistakes people make. If you use the same password across multiple platforms, a possible security breach in a single platform will put all your accounts at risk. If the combination of your email/username and password is the same, nothing will stop an unauthorized party from accessing your other accounts, changing their password and stealing or using any information they find.

    Big corporations have large security teams, but their systems are being attacked more often and on a massive scale, making a security breach more probable. Small websites are usually not the target of cyber criminals, but their security is usually quite weak, which can also leave the door open for a third-party. You never know which of your accounts will get compromised, so you shouldn’t take chances by re-using the same password for some or even all of them.
Source: Google / Harris Poll, USA, October 2019
  • Do not use bad passwords. It may be tempting to use something very easy as your password, especially for accounts that are not that important. Doing that can backfire, though, as it will be very easy for a third-party to log in to any such account without much effort. You will be surprised to find out how many people use passwords like “qwerty”, “password”, “12345” or “abc123”. Using anything similar to these passwords is a big no-no.
  • Do not use personal information. Using your date of birth, pet name or the name of your first school is not a good idea as such information is usually either available in some public database, or it is easy to obtain by social engineering (this is the term used for a technique where a hacker tricks an unsuspecting person into sharing personal information, usually by contacting them on social media).
  • Do not store login details on public devices. If you choose to save your username and/or password on a public computer (school or library computer, for example), or you use auto-complete, you make it much easier for another person to access your account or to find out your password.
  • Do not save your passwords in a file. Many people are tempted to save their login credentials in a file, especially if they use complex passwords that are hard to remember. While such a file is useful for them, it also makes it very easy for an unauthorized person to access all accounts listed in that file as everything will be in one place. If you really need to save login credentials, do not save the actual passwords, but hints, which only you will recognize.
  • Do not use single sign-on. A lot of companies, including many hosting and domain providers, allow you to sign up using your Google, Facebook or Twitter account. This is the so-called single sign-on (SSO). While this option is very convenient, one compromised social account can result in all your accounts getting hacked. This will undermine the whole idea of choosing a different strong password for your accounts to keep them safe. In addition, let’s not forget that using a social account to sign up for different services allows social media corporations to keep track of your online activities.

So, how to choose a strong password?

  • Make it long. The longer a password is, the better. Brute force attacks usually involve multiple login attempts with lots of combinations of symbols. Any additional character you add creates a large number of additional possible combinations of the characters. It is recommended that you use at least 16 characters in your password.
  • Make it complicated. Use upper and lowercase letters, numbers and special characters. This will increase the strength of your password significantly. Nonetheless, make sure that you use a password you can actually remember. If you create a password that is too complicated, you may have to save it or write it down, which will undermine the idea of having a strong password.
(Image: an example of a strong password that is easy to remember.)
  • Use a passphrase. If you wonder how to create a long and complex password, you should consider using a passphrase. Many providers these days allow you to use a blank space in the password, which will make your password even stronger. This will allow you to use a very long password that you will remember, without the need to write it down or save it anywhere.
  • Change it often. It may be a bit challenging to remember the new password every time, but it is recommended that you change it every 2-3 months. This way, if a service you use suffers a security breach, it will be less likely that a third-party will be able to log in with your leaked login credentials as the password in the leaked database will no longer be valid. Of course, if you use more than a few passwords and you change them every couple of months, it will be hard to remember them. More on that below.
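The length and passphrase advice above can be put into numbers. The following Python sketch is an added example, not code from the original article: it generates a 16-character password and an eight-word passphrase with the operating system's secure random source and measures each in bits of entropy. The 16-word sample list is constructed for illustration, and the 7776-word list size used in the comparison is an assumption about the generator's word list.

```python
import math
import secrets
import string

# Upper/lowercase letters, digits and special characters: 94 printable symbols.
ALPHABET = string.ascii_letters + string.digits + string.punctuation

# Constructed 16-word sample list (assumption). A real generator would load
# thousands of words, e.g. a 7776-word diceware-style list.
SAMPLE_WORDS = ["anchor", "bramble", "copper", "dolphin", "ember", "falcon",
                "glacier", "harbor", "indigo", "juniper", "kettle", "lantern",
                "meadow", "nectar", "orchid", "pebble"]

def random_password(length=16):
    """Pick every character independently with the OS CSPRNG."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))

def random_passphrase(n_words=8, words=SAMPLE_WORDS):
    """Pick every word independently; blanks separate the words."""
    return " ".join(secrets.choice(words) for _ in range(n_words))

def entropy_bits(choices, picks):
    """Entropy in bits of `picks` uniform random draws from `choices` options."""
    return picks * math.log2(choices)

def picks_needed(choices, target_bits):
    """Smallest number of draws from `choices` options reaching `target_bits`."""
    return math.ceil(target_bits / math.log2(choices))

if __name__ == "__main__":
    print(random_password(), f"{entropy_bits(len(ALPHABET), 16):.1f} bits")
    print(random_passphrase(), f"{entropy_bits(len(SAMPLE_WORDS), 8):.1f} bits")
    # One extra character multiplies the search space by the alphabet size.
    print("17 vs 16 chars:", 2 ** (entropy_bits(94, 17) - entropy_bits(94, 16)))
    print("words needed from a 7776-word list:",
          picks_needed(7776, entropy_bits(len(ALPHABET), 16)))
```

With a 7776-word list, eight random words give about 103 bits, close to the roughly 105 bits of 16 random characters, while the 16-word sample list gives only 32 bits. The numbers hold only when the words or characters are chosen randomly rather than by the user.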

Useful tools

  • Password managers. This is the best way to handle multiple passwords without writing them down or saving them in your web browser or in a file. A password manager is an application that generates and stores login details and logs you in securely to any website that has been added to it. You will only need a master password to be able to manage your passwords. The difference from saving login credentials in your browser is that you have an additional layer of security – a master password and for most applications, 2-factor authentication. Here are a few popular free password managers:

You will find paid password managers as well, but since we are not affiliated with any paid software, we cannot recommend one over another.

  • App or browser-generated passwords. Some service providers offer a password generator, so when you want to change your password, you can simply use that option and a password that meets the requirements of the provider will be generated. Alternatively, some web browsers have a built-in password generator, so if you click on the password box on a given website, you can use such a machine-generated password. The advantage here is that sometimes seemingly random passwords that people create themselves may follow certain patterns that hackers use to break into an account.
  • Hacked passwords checker. If you prefer to create a password yourself instead of using a password generator, or for some reason you decide to re-use one, make sure that you check it against lists of leaked passwords first. A couple of popular websites where you can do that are Have I Been Pwned and Scattered Secrets. The latter allows you to sign up with your email address and see the exact passwords associated with it that are a part of some data leak, as well as the platform they have leaked from.
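A leaked-password check does not have to reveal the password to the checking service. The following Python sketch is an added example, not code from the original article: it follows the range-lookup model used by Have I Been Pwned's Pwned Passwords service, where only the first five characters of the password's SHA-1 hash are sent and the rest is compared locally. The helper `constructed_range_service` and its leak counts are constructed stand-ins so the example runs offline.

```python
import hashlib

def split_hash(password):
    """SHA-1 the password and split the hex digest into a 5-char prefix and 35-char suffix."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]

def breach_count(password, fetch_range):
    """Return how often the password appears in the leak data, 0 if absent.

    Only the 5-character prefix is handed to fetch_range; the suffix never
    leaves this function, so the service cannot tell which password was checked.
    """
    prefix, suffix = split_hash(password)
    for line in fetch_range(prefix).splitlines():
        candidate, _, count = line.strip().partition(":")
        if candidate.upper() == suffix:
            return int(count)
    return 0

def constructed_range_service(leaked):
    """Offline stand-in (constructed) for a range endpoint such as
    https://api.pwnedpasswords.com/range/<prefix>, built from {password: count}.
    Returns the fetch function and a list recording every prefix it was asked for.
    """
    table = {}
    for pw, count in leaked.items():
        prefix, suffix = split_hash(pw)
        table.setdefault(prefix, []).append(f"{suffix}:{count}")
    seen = []

    def fetch_range(prefix):
        seen.append(prefix)
        return "\r\n".join(table.get(prefix, []))  # "SUFFIX:COUNT" per line

    return fetch_range, seen

if __name__ == "__main__":
    # Constructed leak counts for two of the weak passwords named in the article.
    fetch, seen = constructed_range_service({"qwerty": 1000, "abc123": 500})
    for pw in ("qwerty", "abc123", "correct horse battery staple"):
        print(repr(pw), "seen in leaks:", breach_count(pw, fetch))
    print("prefixes sent to the service:", seen)
```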

Keeping your ICDSoft accounts safe

If you have an account with our company, you can set a strong password for it with a couple of clicks. Both the Account panel and the hosting Control panel include a password generator.

The one in the Account panel will include at least 16 alphanumeric and special characters. It also has a strength meter that will tell you whether the password you have selected (manually or automatically) is strong. For additional protection, you cannot set a password that is too common, so using “123456” as a password is out of the question, even if you want to use it.

The password generator in the Control Panel gives you a choice between a random password with up to 64 alphanumeric and special characters, and a passphrase of up to eight words. All password forms in the Control panel have a strength meter as well, and you will not be able to use a password that is considered weak.

For maximum security, you can easily enable 2-factor authentication in any of your accounts as well. You can see how to do that in our article:

In conclusion

Online security is very important these days, so you have to make sure that an unauthorized third-party will not gain access to your website, domain name or emails. Make sure that you use any additional security options that your provider offers, such as 2-factor authentication, but do not forget that the first and foremost security measure is to set a strong password. After all, some providers do not offer any other authentication option, so your password will be the only thing that will prevent any unauthorized access.

We have listed some mistakes and some good practices when it comes to choosing a good password, so if you follow them, you can keep all your accounts and your web presence safe from any unauthorized access.

Author

I started working in the web hosting business in 2004. My other interests are mountain biking, fine woodworking and raising my kids to be good persons.