For pretty much every part of your account with us, you'll need a password. Whether it's logging on to check your invoices with WHMCS, or added a new database user to your hosting account in Plesk, you'll need to enter a password to log in or configure it.
Secure passwords are important in order to minimize the chances of your account being open to attack by making phrases that are difficult to guess and more importantly, harder for brute-force style attacks.
What is a Secure Password?
Most usernames created are based on just letters, with the occasional number thrown in as well. For example, usernames could just be 'linux', 'mycompany' or 'hstng'. However, in all these cases, they're built out of a set of just 26 characters - lowercase 'a' to 'z'.
The 10 most common passwords used are: god, love, lust, money, private, qwerty, secret, sex, snoopy & password (yep, the last one is true!). Names close to you, such as pets, children, parents, etc. are also common choices, along with favorite music (albums, songs, bands, etc.), books, comic book characters, TV shows, significant dates (birth, marriage) and more.
Even doubling up on common words and phrases, such as 'oneday' or 'biteme' doesn't make the password that much more secure - it's still using a basic set of characters and works that are common in use. It's not just a the choice of characters we use in a password, it's the choice of the word(s) we use to make the password out of - using limited character sets (such as just 'a' to 'z', or maybe even '0' to '9' as well) along with words that are close to you make them much easier to crack.
While for it isn't important to have 'secure' usernames, it is for passwords, as passwords are the secret element of your account and should only be known to you and those that also require access. To do this, you need to increase the range of characters we use.
How do I make is more 'Secure'?
The first step is to increase the number of characters you use. We'll take for example a four-letter password:
- Using the smallest set possible, just numbers ('0' to '9'), we have a choice of 10,000 possible answers - basically '0000' to '9999';
- If that's changed to using just lower-case letters, the possible range increases to 456,976 - starting at 'aaaa' and working our way up to 'zzzz';
- Further increaing the choice, so we're using letters (both upper & lower case) and numbers this time, the range of passwords is now at a massive 14,776,336 choices.
- Finally, using a full possible range - all letters, numbers, and the choice of special characters, including "' " & < > , . &tidle; £ $ [ ] { } - _ + = # @ : ; / \ | ( ) ^ % !", the choice moves all the way up to 71,639,296 choices!
And these are just for 4-letter passwords. Increase it to 10 characters (at least the length of the examples below), and you suddenly have a choice of 43,438,845,422,363,213,824 different passwords! Even if you tried a brute-force attack, testing at 10 every second (much faster than our servers would allow), it would take as long as the Universe has been in existence to crack it!
So, the most secure of passwords are just random sets of characters (and the longer the better) - 'aH4%^r9K!s' or '[d^6k3H!lq' are two examples - but these are hard to remember and may mean that you lock yourself out of the account because you forget it.
A common compromise is to use common works or phrases and substitute characters, alternate case & using a little lateral thinking. For example:
- 'illberightback' becomes 'i'1be90o8ack': The first 'l' becomes a ''', while the second one is substituted with the number '1'. The 'right' part is changed to '90o' (as in 90o is a right-angle) and the second 'b' is replaced with an '8' (as they look similar).
- 'dontbeasquare' can be re-written as 'd0N't!B@[]': For 'dont', we've added the apostrophe and upped the case on the 'n', while the 'be' has been replaced with an upper-case 'b' and 'a' becomes '@'. Finally, 'square' was substituted for the two square brackets - '[]' (which sort of make a square) before just adding an '!' in the middle.
The best way to make a secure password which you can remember and use is to be careful over your choice of password and the methods you use to secure it. The longer it is, the more types of characters you use and the more abstract you can make it (even just inserting random characters to help thwart brute-force or random attacks) the better it'll be in the long run.
