Choosing a strong password to protect your website and accounts is vital to ensuring your data integrity and privacy. While we're all tempted to use easy-to-type and easy-to-remember passwords, there are many automated processes out there designed specifically to test for weak passwords very quickly. Using a password that's based on a dictionary word is an almost surefire way to have your account compromised, whether it's cPanel, email, FTP or your administrative interface to WordPress, Joomla or Drupal. Once hackers have access to one aspect of your account, it is much easier for them to compromise others.
Opening up your website only to find it defaced, missing or otherwise compromised is a horrible feeling. Let's make sure that doesn't happen!
Using personal details for a password is often a road to having an account compromised - anyone who has access to your birthday, pet's or child's name, et cetera, might be able to guess a password based on that alone. We need to make it harder for the bad guys.
A good password is at least eight characters long, and is composed of upper- and lowercase letters, numbers and special characters, and is one you can still remember.
It's tough to meet all of those criteria, we know, so here are some helpful tips to strong password creation (and memorization.)
Use A Mnemonic:
Perhaps in grammar school, you learned the order of the colors in the rainbow: Red, Orange, Yellow, Green, Blue, Indigo, Violet. Remember the name Roy G Biv? That's a mnemonic - a device to more easily remember a group of items, in this case by making a memorable phrase out of the first letters of each word.
One of our favorite mnemonics for passwords is to take a line of a song we know well, and make a password out of the first letter of each word in the lyric. Then, insert commas, semicolons or other appropriate punctuation, and top it off with some numbers. Let's take a line from Patsy Cline's "Walking After Midnight" as an example:
"I go out walking, after midnight, out in the moonlight"
A basic password from this phrase might be:
That's not bad, right there! We've got twelve characters, an uppercase letter, and two punctuation marks - and it's easy to remember! Just hum the song in your head and you've got your password. We can improve upon it, though, and easily: Put your area code, last four digits of your phone number, ZIP code or another memorable set of numbers at the end.
cPanel's password strength checker gives that a 98 out of 100 - that's about as good as it's going to get without being impossible. You could throw numbers or special characters in for some of the letters, if you like, a la:
cPanel gives that an A+ with 100 out of 100 - but if you can't remember it, it won't do much good.
A few other tips - the password cracking programs are getting better every day. They have a list of commonly used words to test against accounts, and they substitute numbers and special characters for letters, too. Thus, if your name is Mary Smith and your password is "M@rySm1th" - chances are, your account will not remain secure for long.
If you suspect your account has been compromised, please open a support ticket right away - we can help you determine if everything is ok, or if we need to restore your files from a backup (another good reason to keep offsite backups - just in case!)
Also, please don't use our example password - even though it's a great password, it's published, right out here for everyone to see.
Maintaining strong passwords is of critical importance - they keep your personal information private and your website secure. Many of the spammers out there are relaying quietly through hacked accounts - one of our techs even had a GMail account with a relatively weak password compromised; it can happen to anyone. Do your best to make sure it doesn't happen to you!