Table of Contents
How Secure are your Website Passwords?
Website security affects more than just the code. Web hosting accounts, email accounts, passwords….
Passwords provide protection in gaining access to a resource. This is a simple concept and easy to implement. Many people are lax with utilizing this basic layer of protection on their site and in all areas of their life.
Website security is a daily part of my job. As technology changes at lightning speed, outdated websites become more vulnerable. More and more, people contact me to fix their hacked websites. An easy step to keep your website secure is simply using strong passwords. This little effort can save you a TON of stress and complications later on.
Keep in mind every point I mention in this post applies to every password for every account you have. Not just your website passwords.
What are website passwords?
When I say “website passwords”, I refer to any and all passwords associated with your web site.
This can include:
- web hosting provider login
- hosting control panel login (cPanel, for example)
- FTP logins
- email accounts
- domain registrar
Password Security Tip 1
Don’t share it freely. Don’t share it over non secure means. By this, I mean do not send me your passwords over email or a text message. (I prefer them not to be communicated verbally because there is too much room for miscommunication.)
When I request a client’s login details, I provide you with a link to send it through a secure form.
Even though I request this, people still sometimes send me their passwords over email. Don’t. It’s not secure.
Password Security Tip 2
Don’t share more than you need to. Most of the time this means don’t share third party account logins with me. Especially do not give me access to accounts related to financial information. i.e. PayPal, Credit card merchant accounts. I never need these logins. I never want access to any account directly tied to your bank funds.
Some companies will have procedures for you to temporarily grant access to your account, rather than giving full account access. For example, with GoDaddy you can delegate access to your account to temporarily share access.
Google Search Console allows you to add users to the property with different levels of access.
Password Security Tip 3
Don’t use the same password for more than one account. I get it. It’s a hassle to keep track of what password goes with what account. Its nearly impossible to simply remember. BUT – Don’t reuse passwords. If a hacker gains access to one account, they may try to gain access to other accounts you own.
Use a password manager. You have one password to remember to access the manager, and then all logins are secure within this program. I use a little freeware program KeePass to mange passwords all of my personal accounts and clients. I have over 1,000 logins stored in this program. All safe. All different (all of mine at least).
Password Security Tip 4
Make your website password complex – really complex.
Here’s an example of what a password I may use would look like: N#VRkeN@*L]U5eATzbtB
It’s a mix of 20 characters; upper and lower case letters, numbers and symbols. There are no names or dictionary words. You should do the same.
Another great thing about the password manager I mentioned is that you can copy the password without viewing it and paste it into a web form. 10 – 15 seconds after you copy it, it is erased from your clip board.
Password Security Tip 5
Reset your password occasionally. It’s a good habit. How often? Do it twice a year. Add it to your list when you check the batteries in your smoke detectors.
Is Your Website Vulnerable?
I’m amused at the response I sometimes get when I tell clients their website password is weak and their site is full of vulnerabilities. They should make it a priority to address this. They respond that their site won’t get hacked. They don’t have anything a hacker would want. No credit cards stored, personal information, nothing personal.
What they don’t get is a hacker is not someone seeking out your site specifically. Their attempts to hack a website are unbiased. With today’s technology, a hacker writes a script that crawls the Internet (like a search engine indexing pages on your website).
They are going for quantity, not quality. By this I mean the crawler script hits as many sites as it can, looking for easy vulnerabilities. If it finds an easy way in (like simple password), it will wreak havoc and then move on to the next site.
Any site is a target that does not keep up with website maintenance .
If your website gets hacked, it can cause issues in many ways:
- Your site can get blacklisted in Google and other search engines
- Your website rankings can drop in search engines. This will effect the number of visitors your site and potential earnings.
- Your PPC ads can get turned off and take time to get reinstated.
- Your visitors will lose trust if they see you have been hacked.
- Your web host may suspend your account until you clean the infection and secure your website.
- It can cause disruptions with your email service.
- Your domain can be blacklisted for email, and it ends up in your recipient’s spam folder.
- It can be expensive to clean up malware infections.
When did you last update your password on your web hosting account? (and all of your password protected accounts) Don’t remember? Do it now.
Can you easily remember your password? Does it have a word in it? Is it less than 14 characters? Yes? Go change it now.
Being proactive now will save you a lot of expense and frustration later.