Passwords – Securing Your Store and Living with a Necessary Evil

password-704252_1280Passwords, just the thought of dealing with them can make people groan. We know they are necessary, like eating right and exercising; but we all cheat when we can. The problem is cheating never leads to good things.

While breaking into web sites via passwords is not the most common way of getting in, it does happen and there is more to password management than just keeping bad guys out.

Let’s start by reviewing what makes a good password.

  • Length

    At a minimum, a password should be 8 to 10 characters in length. Longer is better if the application you are working with allows it. Generally, longer passwords take more time and effort to crack

  • Composition

    For a good password you’ll want a mix of letters (both upper and lowercase), numbers, and if possible special characters (such as ?, %, &). Use a mix of all the types in your password. A good mixture helps to prevent patterns.

  • Patterns & Common Words

    Patterns not only make passwords easier to remember, it also makes them easier to crack. The number one password continues to be a version of “123456”. Don’t use common words, patterns, or repeating characters in your password. Try and stay away from substituting special characters for letters in a common word (Tr33z!). If it looks like a word it’s probably not the best choice.

  • Age

    You don’t need to come up with a new password every day but replacing them every few months is a good practice to get into. Also, don’t reuse passwords too often on a site or even use the same password across multiple sites. Using one password for many sites is quite common as it’s hard to remember a different password for each site or program you use. Try to use as many different passwords as possible. By doing this you may stop a bad guy from getting into all of your accounts.

The Right Tool for the Job

It looks like we’ve now made dealing with passwords even less enjoyable so what can we do to make living with them bearable? One solution you may wish to consider is a password manager. A password manager is basically an encrypted database that you keep your passwords in. To open the database requires single password or passphrase. So, by remembering one password you can have access to all your other passwords and you wont have to worry about forgetting or misplacing them

An added bonus is that most all password managers can create complex passwords for you. Plus, they can enter your login data for you when you return to a site.

Password managers come in basically two varieties: standalone and web-based. With a standalone, the passwords are stored in a file which resides with the application on your computer or device. Most of the standalone type managers are starting to blur the lines between being truly standalone and cloud-based as many offer some sort of synchronization between devices which uses the internet to pass the file. Here are some popular standalone managers:

A web-based manager keeps the database out in the cloud and allows you to access your passwords from pretty much anywhere. Here are a couple of the more popular ones:

Keep in mind that a password manager is not the be-all and end-all. There are risks involved although it’s less risky than using “password” as your password on 25 different web site. One of the popular web-based managers mentioned did recently suffer a security breach . While passwords were not exposed you should be aware that there is always a risk. This risk is valid even for standalone managers.

There is one more option. Many web browsers now offer the ability to remember your login information for sites you visit. Keep in mind that this is considered a convenience feature by many and not really a security application so do some research before putting all your eggs in one basket.

With a password manager you’ll be gaining the ability to create numerous, complex passwords and the ability to easily log into your sites. Take a look at the passwords you are currently using, how you store them, and how you make use of them. Then review some of password managers and see if they make sense for you.

Bonus Safety Tip!

Remember to keep your software up-to-date. Because WordPress is such a common CMS it is a common target for hackers. Remember to keep the core and plugins updated. Be sure to watch the LexiConn blog and newsletters to keep abreast of updates and patches that may apply to your store.

3 Comments

  1. Megan O'Brien says:

    Hi John,

    I’m Megan and I work for AgileBits, the makers of 1Password.

    I wanted to thank you for taking the time to educate your readers on the importance of online security, and for including 1Password in your discussion!

    In this day and age, it is so important that we all use strong and unique passwords for every site that we visit, and password managers can help make it much more convenient to be secure.

    Keep sharing the secure word!

    Megan O’Brien
    Level 60 Support Sorceress at AgileBits
    support.1password.com

  2. Alex says:

    Hi! Great article. However, one thing is missed here. There is an alternative way to aggregate passwords in one – simply by using some reliable KDF there. It needs neither vaults, nor clouds, thus, seems to be even more secure, than the mentioned ones. Several free open-source tools are based on this method. Nevertheless, almost nobody knows about it nowadays – even among experts. It’s really strange, because it’s already known for quite a long time. About passwords: sure, it’s hard to memorize them, but for master-password there might be used one way around – gestures (like on the Android lock-screen – remember?). In fact, it makes you able to remember much more with a much less effort. Actually, I tried to combine both methods in one simple tool – the result is awesome.

Leave a Reply to Megan O'Brien