Passwords are always a key talking point when it comes to website and data security, especially here at Host Media. Most of the hacks that are seen are due to poor passwords admin areas or control panels.

Top 10 worst passwords commonly used in 2015

Just to give you some idea of the passwords that get used, below is the worst commonly used passwords for 2015:

  1. 123456
  2. password
  3. 12345678
  4. qwerty
  5. 12345
  6. 123456789
  7. football
  8. 1234
  9. 1234567
  10. baseball

Why use long passwords instead of short complex ones

Before we get into examples of what sort of passwords should be used and not used, we will just quickly go through why longer passwords are more secure. When a decoder tries to guess a password for a login, it attempts to enter all the most common passwords that people might use (“password”, “12345”, etc) and if the password isn’t one of these or a common word, it starts processing through using different methods.

One of the most common methods is brute-force, any password can be cracked using a brute-force attack. Brute-force attacks try every possible combination of numbers, letters and special characters until the right password is matched. Brute-force attacks can take a very long time depending upon the complexity and length of the password. The cracking time is determined by the speed of computer and complexity of the password. The longer the password the greater amount of time it will take.

The next common method is matching on the hash which is called rainbow table. This is a pre-computed table for cracking password hashes. For example using MD5 to encrypt a string such as ‘hostmedia’ we get ‘a04d8c2835038bc34b48e72cad85ed3e’. A computer would be used to build up a huge list of hashes to try and match against this to then get the password. This is commonly done when a database of passwords have been downloaded by hacking a sites scripts or database.

So what can be done to make it harder for passwords to be hacked or decoded… longer passwords. When we think of long passwords we instantly think it has to be something like; “g#9Qe£24F$AqR%5W8z7t*” – it isn’t very easy to remember and you are more likely to write it down somewhere, which is also a security risk.

However there is a better way of securing your site with an easy to remember password and still be long and complex to be decoded. The use of sentences that you can remember and personal to you. For example: “I love having a website for my blog!”
In the above example you will see it is 36 characters long and has special characters in the form of a exclamation mark and spaces between the words. Based on howsecureismypassword.net it would take a computer 224 million years to crack this password. Of course this is an estimate based on a standard computer but you can see how easy it is to create a secure password for your systems.

Using sentences allows you to get creative with your passwords and more importantly, secure your website.

If you have any questions regarding data or website security please feel free to contact a member of the team.

We have been hosting websites since 2002 and are always moving forward. All articles written under the Host Media author are created by the team who support our customers.

Join the conversation! 1 Comment

  1. Assisting users of blog.hostmedia.co.uk with their password security

    Hello there ,
    I was using the password tool you mentioned on your page here: blog.hostmedia.co.uk/1741/password-security-keep-your-site-secure/
    While it does the job overall, I found another tool to be a better alternative. I thought other users might also appreciate it if you update your page.
    It is clear and ad free: http://www.vpnmentor.com/tools/passwordmeter/
    In hope I helped back,
    Kaylee

    Reply

Leave a Reply

Your email address will not be published. Required fields are marked *

About Host Media

We have been hosting websites since 2002 and are always moving forward. All articles written under the Host Media author are created by the team who support our customers.

Category

Website Security

Tags

,