2014-02-13

Do you have trouble remembering all of your passwords? Do you reuse the same ones on different sites?

Most of us commit password security sins, despite the fact that we know we shouldn’t. This is because it just seems too hard to keep up with all of the passwords we’re supposed to remember.



XKCD Password Strength

But what if there was an easier way?

Problems With Passwords

There are a number of problems with passwords:

Most of us choose bad passwords.

Passwords are hard to store safely.

People reuse passwords on multiple sites—if one service stuffs up (because they are hard to store!) and exposes your password, multiple accounts across a number of services can be compromised.

Passwords can be hard to pass safely.

The longer you have a password, the less safe it becomes.

Every password that falls to hackers feeds the botnet monsters, and makes the rest of us less safe.

I recently chatted to Brennen Byrne, CEO of Clef—a 2-factor authentication plugin for WordPress—who explained:

Our memories just won’t compete with computers in the long run. Computers are getting better at cracking them [passwords] a lot faster than we are getting better at remembering them.

Possible Solutions

Okay, so if passwords are so risky, what can you do about it?

Select a strong password.

Limit password login attempts.

Learn about Two-Factor Authentication.

Consider various WordPress-security plugins that are available.

Consider options for storing and sharing multiple passwords securely.

Choose your hosting carefully (WP Engine has a team, in partnership with Sucuri, that invests a lot of time and effort to stay ahead of attackers).

“We’re All In This Together”

As recent reports have stated, the problem of hack attempts and general security attacks against WordPress sites is only going to get worse.

And, as explained by Brennen from Clef:

It’s really important for us as a community to think about ways to increase the base level of security. We’re all in this together.

Some people think we should get rid of passwords altogether, and have formed the Petition Against Passwords, whose mission statement begins:

The mission of the Petition Against Passwords is to collect every frustrated yell at forgotten passwords and make sure the organizations responsible hear them. This movement is working on behalf of every person who has ever had their identity stolen, their password leaked, or been confused just trying to remember passwords and PINs for multiple sites. There are better ways to log in online and it is time we had access to them. The Petition Against Passwords is about giving us a voice in the conversation about how our identities are shaped online.

It will be interesting to see whether passwords disappear over the next few years, as we all start to move to alternative security measures.

Either way, it is important that all of us are thinking about our password security for our own sake—as well as for the safety of the WordPress community as a whole.

Have you thought about the security of your passwords lately? 

The post The Problem with Passwords appeared first on WP Engine.
