Everyone knows the importance of choosing a secure password, but how many of us actually put this into practice?

Sometimes for convenience, we might choose an easy password, or use the same password for lots of different online accounts. However, let’s look at the risks of this…

Why is it important to have a secure password?

Every day, we see hundreds of malicious login attempts to our customers’ websites. These are almost always automated bots, which scan the internet for login forms, then bombard each form with lots of different usernames and passwords. If they’re successful, they can then deface your website or plant viruses.

In the past, it could take weeks for an attacker to crack a password, by running thousands upon thousands of different combinations of letters and numbers. Nowadays, with advances in computer processing power, simple passwords can be cracked in a matter of minutes.

If you use the same password for lots of different online services, such as your social media accounts or your online bank account, then once an attacker breaches one of your accounts, they can try the same password on lots of other sites. There have been some well-publicised attacks on popular sites (such as LinkedIn), where users’ email addresses and passwords have been compromised.

What precautions does Primary Image take for my website?

Here at Primary Image, we’ve always made website security one of our highest priorities (and we’ve even given talks at web conferences about WordPress security best practices).

By default, all websites we design are put through a security hardening checklist. This includes, for example, putting extra checks and restrictions on our customers’ login pages, as well as blocking some common techniques that attackers use.

Nevertheless, whatever technical precautions we take, it’s still very important that you are using a secure password for your website editor login.

What makes a bad password?

  • Simple, dictionary words or place names, such as “michael” or “southend”, because attackers use lists of words in their programs.
  • Short passwords, because they take less time to crack.
  • Using dates of birth, because they are predictable.
  • A password that gets used on all your online services.
  • A password that hasn’t been changed for more than a year.
  • A password that you give out to colleagues or friends.

What makes a good, secure password?

  • Unique phrases, which don’t contain typical dictionary words.
  • Long passwords, which are at least twelve characters.
  • Passwords that contain a mixture of uppercase and lowercase letters, numbers and symbols.

Also, never write a password down, so let’s take something we can remember in our heads:

  • “I Live In Southend On Sea”, could become ILISOS.
  • The last four characters of my phone number are 7247.

Neither of these is going to feature in dictionary lists, which makes it much harder for an attacker.

So putting this together, my password could be:

ILISOS%%7247

To run all the different combinations of passwords to guess this, apparently it would take even the fastest computers several years!
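The rules from the two lists above can be turned into an automatic check. The following Python sketch is an added example, not Primary Image’s own code: the word list is a small constructed stand-in, the date pattern and the “at least three of the four character types” threshold are assumptions, and the common-password set is the first ten entries of the SplashData list quoted at the end of this page.

```python
import math
import re
import string

# First ten entries of the SplashData list quoted at the end of this page.
COMMON = {"123456", "password", "12345", "12345678", "qwerty",
          "123456789", "1234", "baseball", "dragon", "football"}
# Constructed stand-in for an attacker's word list (real lists are far larger).
WORDLIST = {"michael", "southend", "password", "monkey", "dragon"}
# Assumed date-of-birth shapes: 14021985, 14/02/85, 14-02-1985 and similar.
DATE_RE = re.compile(r"^\d{1,2}[-/.]?\d{1,2}[-/.]?(\d{4}|\d{2})$")
CLASSES = {"lower": string.ascii_lowercase, "upper": string.ascii_uppercase,
           "digit": string.digits, "symbol": string.punctuation}


def classes_used(password):
    """Names of the character classes that appear in the password."""
    return [n for n, chars in CLASSES.items() if any(c in chars for c in password)]


def brute_force_bits(password):
    """log2 of the combinations a blind brute-force search has to cover.

    Upper bound only: it says nothing about word-list or pattern guessing.
    """
    alphabet = sum(len(CLASSES[n]) for n in classes_used(password))
    return len(password) * math.log2(alphabet) if alphabet else 0.0


def check_password(password):
    """Return the rules from the lists above that the password breaks."""
    problems = []
    if password.lower() in COMMON:
        problems.append("common")
    if re.sub(r"[^a-z]", "", password.lower()) in WORDLIST:
        problems.append("dictionary")
    if len(password) < 12:
        problems.append("short")
    if DATE_RE.match(password):
        problems.append("date")
    if len(classes_used(password)) < 3:  # assumed threshold
        problems.append("few-classes")
    return problems


if __name__ == "__main__":
    for pw in ("michael", "14021985", "ILISOS%%7247"):
        print(pw, check_password(pw), round(brute_force_bits(pw), 1))
```

Each extra bit doubles the number of combinations a brute-force search has to try, which is why length and a wider mix of characters both help.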

Want to check how long it’ll take to crack your password? Use this password checker.

Using different passwords on different websites

Never use the same password for all your online services, just in case your password ever gets compromised on one website.

Ideally, you would have a unique password for every single website, but that’s not always practical.

Certainly think about having different secure passwords for your most important online logins (e.g. banking, your website editor login), but you may decide to have a common password for all your less important online accounts.

It’s not always necessary for you to actually remember each password, because you can use a password manager. The Chrome web browser has an in-built feature, which synchronises your usernames and passwords between your computer and smartphone. Also, LastPass or other password managers can be used to randomly generate and store passwords, without you needing to remember them.

Using HTTPS for your own website

You should consider having an HTTPS (secure) connection for your own website, which encrypts your password (and your visitors’ passwords) when it travels across the internet.

Read more about our HTTPS conversion service and changes to how websites are being labelled in Chrome and Firefox.

And definitely don’t choose these passwords!

Security company SplashData compiled a list of the top passwords in use. It seems some old favourites are still hanging around!

  1. 123456
  2. password
  3. 12345
  4. 12345678
  5. qwerty
  6. 123456789
  7. 1234
  8. baseball
  9. dragon
  10. football
  11. 1234567
  12. monkey 1
  13. letmein
  14. abc123
  15. 111111
  16. mustang
  17. access
  18. shadow
  19. master
  20. michael

If you’re using one of these passwords, make sure the next thing you do is change your password straight away!