Once upon a time, passwords could be relatively simple. You could swap an "e" for a "3", or add a number on the end of a word or name, and it was all pretty easy. I remember a place I worked in the 90's where password changes were forced every 3 months, and one lady had "summer1", "autumn1" and so on, so she could remember it easily!
But nowadays, password-attacking scripts specifically target common habits like this. And if you're using the same password for your website as you use for internet banking... well... obviously this can end very badly!
Using strong and unique passwords can be one of the key differences between being hacked, and not.
Weak passwords are easily compromised.
Fact: Predictable words, sequential numbers, and personal information create weak passwords.
In 2017, SplashData identified the top 25 most common passwords. If you're using one of these anywhere online, the chances of that password being cracked are extremely high.
What is a strong password?
Take a look at this infographic from BetterBuys, showing how long it takes to crack a password:
Ideally, a strong password is at least 12 characters long, and a mix of numbers, uppercase, lowercase, and symbols.
And it should only be used ONCE.
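As an added example (not part of the original article), here is a small Python check for the rules above: at least 12 characters, all four character types, and none of the predictable habits such as "summer1" or swapping an "e" for a "3". The word list is a tiny constructed sample and the function names are made up for this illustration.

```python
import re
import secrets
import string

# Constructed sample list; a real check would use a large list of breached passwords.
COMMON_BASE_WORDS = {"password", "summer", "autumn", "winter", "spring", "welcome", "qwerty"}
# Reverse the usual character swaps, such as "3" for "e".
SWAPS = str.maketrans({"3": "e", "0": "o", "1": "i", "4": "a", "5": "s", "@": "a", "$": "s", "!": "i"})
MIN_LENGTH = 12
ALPHABET = string.ascii_letters + string.digits + string.punctuation


def candidates(password):
    """Undo the common habits: trailing numbers/symbols and character swaps."""
    lowered = password.lower()
    stripped = re.sub(r"[\d\W_]+$", "", lowered)
    return {stripped.translate(SWAPS), lowered.translate(SWAPS)}


def audit(password):
    """Return a list of problems; an empty list means the password passes."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("shorter than 12 characters")
    classes = {
        "lowercase": any(c.islower() for c in password),
        "uppercase": any(c.isupper() for c in password),
        "number": any(c.isdigit() for c in password),
        "symbol": any(c in string.punctuation for c in password),
    }
    problems += [f"no {name}" for name, present in classes.items() if not present]
    if candidates(password) & COMMON_BASE_WORDS:
        problems.append("common word with predictable changes")
    return problems


def generate(length=16):
    """Build a random password from a cryptographic source, retrying until audit() passes."""
    while True:
        password = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if not audit(password):
            return password


if __name__ == "__main__":
    for sample in ("summer1", "P@ssw0rd!", generate()):
        print(sample, audit(sample))
```

Note that "P@ssw0rd!" has all four character types and still fails, because undoing the swaps leaves a common word.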
So how do you remember all the different passwords for different things?
This is where a password manager comes in. A password manager allows you to generate random, strong passwords, and store them in a secure database which is protected by a password. This means you only need to remember ONE password (and yes it should be a very strong one!).
Some well-known password managers include:
- KeePass (Windows/Mac/Linux/Mobile, Free)
- LastPass (Windows/Mac/Linux/Mobile, Basic: Free/Premium: $US1/month)
- 1Password (Mac OS X/iPhone, Desktop: $US39.95/iPhone: $US14.95)
- Roboform (Windows, Basic: Free/Pro: $US29.95)
- SplashID (Windows/Mac/Mobile, Desktop: $US19.95/Mobile: $US9.95)
- Dashlane (Windows, Mac, iOS, Android, Free / Premium)
- and a bunch more if you Google "password manager"
Consider your needs before choosing a password manager. For instance, if you need to access your passwords on a desktop browser and a phone, choose a password manager that works with all the software and hardware you use.
I've always used KeePass, but that's mostly because it was one of the first, and it's open-source, and free. And I like it. :)
Two-factor Authentication (2FA)
Two-factor authentication adds a second level to a login, which provides a stronger defence for that account. It combines something you know (your password) with something you have (your phone). In simple terms, you log in using a password, and then verify that via a code sent to your phone or app. If it's enabled and somebody gets hold of your password, they still need that 2nd factor to get in.
2FA can be enabled on many different accounts, including Gmail, social media accounts like Facebook & Twitter, eBay - AND your Joomla website.
By default, we don't automatically enable 2FA unless a client requests it, as it adds a layer of complexity to the login process which may be confusing for clients who are unfamiliar with it. However, if you are interested in adding it to your site, please log a support ticket to have it set up.
If you have any queries regarding passwords, password changes, password managers or 2FA, please contact us.