Throughout your time as an internet user, you’ve probably chosen dozens of usernames and passwords. Sometimes, you may not have given them much thought. But for stuff that really matters, you may find yourself wondering: “How secure is my password and username?”
This is a particularly important question when it comes to your website. A secure username and password will keep people out of your site’s admin area, and protect sensitive information such as personal data and payment details. Plus, no one will be able to alter your content or add malicious programs.
Asking “How secure is my password and username?” is more important than ever
Being careful about how you log into your accounts is more important than ever. For example, one report recently found that 80% of data breaches online are a result of weak or stolen passwords, and other studies have returned similar results. What’s more, the majority of people use passwords that are weak or easily hacked.
Whether it’s your social media profiles, your online banking accounts, or your WordPress admin account, using strong credentials matters. Not taking care in this area can result in:
- Various types of hacks, where undesirable agents get into your site and steal sensitive information.
- Humans and/or bots posting their own content on your site, such as spam or malware.
- You getting locked out of your site, or it being taken down completely.
How to choose a secure username and password for your admin account
If all this is leading you to wonder: “How secure is my password and username?”, don’t worry. In the next two sections, we’ll walk you through how to make secure choices.
Keep in mind that if you already have an admin account set up, you can easily change your username and select a new password. Plus, much of the following advice applies just as well to your other accounts across the web.
Part 1: Your username matters, too (how to pick a strong one)
When the topic of secure credentials comes up, you probably think more about your password than your username. We’ll be the first to admit that your username isn’t quite as important when it comes to security – after all, it’s your password’s job to lock up your account.
However, your username is another credential that people will need in order to access your site. By choosing it carefully, you can make it harder for hackers and spammers to force their way in. This means ensuring that your username is unique and difficult to guess.
For example, “admin” is a popular username for WordPress sites, which makes it easy for malicious actors to guess. For the same reason, you should avoid personal details like your name or email address.
At the same time, you don’t want to make your username too obscure. You won’t want to risk losing it, as it’s your primary way to retrieve your password. Forgetting both your username and password can make it hard to access your site.
Here are a few recommendations for choosing a secure username:
- Keep it simple, and avoid too many numbers, special characters, etc.
- Make it memorable and unique. Opt for a word or phrase that’s personally meaningful to you, but won’t be easy for others to guess.
- Don’t use any personal or identifying information that could be misused in the wrong hands.
It might have already occurred to you that this process may not result in a username that’s well suited to being displayed on your site. For instance, if you’re trying to run a business website, you might want posts made by your admin account to show your real name, rather than something like “catlover88”.
Fortunately, in WordPress you can set your ‘display name’ to be whatever you like:
What’s more, the process for changing your display name is simple. You’re therefore free to pick a username that’s simple, memorable, and secure, without worrying about how it will appear to others.
And if you’re really concerned about privacy, you can also use the Edit Author Slug plugin to hide your username from the author archive page that WordPress creates.
Part 2: How do you pick a secure password?
Have you ever wondered: “How secure is my password?” The mantra to choose secure passwords for all your online accounts is so common, it might as well be labeled a cliché. Still, you might be surprised at the number of people who don’t follow that advice. For example, the most common password in 2017 was “123456”, followed by “password”.
Using secure passwords has only become more important over time, as we’ve trusted more of our personal and financial data to various sites and applications. However, it’s also become more difficult to create strong passwords. It seems like hackers are always one step ahead, developing better algorithms faster than we can tighten up our credentials.
Hackers try to guess your password (a lot)
To start choosing better passwords, the main thing you need to understand is that in almost all cases, there won’t be a human hacker sitting on your login screen trying out possibilities one at a time. Instead, sophisticated bots are able to try multiple combinations per second, running quickly through all possible options until they achieve success (this is why limiting login attempts is a common security approach).
Creating a strong password relies on putting something together that’s difficult for those bots to crack. If your password is obscure enough, the bot will eventually give up and move on to find an easier target. There are a number of methods for doing this, but let’s touch on two of the most effective.
The “random” characters password method
The first method is probably one you’re familiar with. It involves creating a password by stringing together random numbers, letters, and special characters. Such passwords can be quite secure, especially when they follow these guidelines:
- Use at least one number, letter, and special character (such as ~ or ?).
- Include at least one uppercase and one lowercase letter.
- Make the password as long as possible (every extra character adds thousands of possibilities).
If you’re a WordPress user, this is your primary method of generating a strong password. In fact, you can accomplish it right through your dashboard. However, you can also use external password generators to do the same thing:
The primary downside to these kinds of passwords is that they’re very difficult to memorize. In fact, there’s a whole industry of tools that will store your passwords for you. In addition, the ‘random’ approach may not actually be the most secure way to generate a password.
The “multi-word” password method
Another option that’s becoming more popular might be termed the ‘multi-word’ approach. This involves creating passwords that are strings of random words joined together, such as “llama bottle cheese granite”. There’s a lot of research to support that these ‘pass phrases’ are very secure – even when compared to truly random passwords. What’s more, they’re a lot easier to remember, since you can form your own associations between the words.
If you decide to opt for this type of password, keep these guidelines in mind:
- The words you choose need to be completely random. There are actually random word generators to help you out.
- The more words you use, the more secure your pass phrase will be. We recommend using at least four words.
Use different passwords for different accounts
Finally, no matter what style of password you use, it’s important that you use a different one for each account. As such, make sure the password for your WordPress admin account isn’t one you use anywhere else. Plus, you should have it backed up somewhere safe, and change it periodically. While it may be a bit of a hassle, these precautions are important for protecting your data and that of your visitors, as well as avoiding the need to ask: “How secure is my password?”
Now you know the answer to “how secure is my password?”
There are a lot of ways to keep your website secure, and you’ll want to employ as many of them as possible. However, your admin account credentials are your first line of defense against all sorts of attacks. Making it as hard as possible for anyone to access your account is an absolute necessity.
In this post, we’ve discussed how to avoid having to ask the question: “How secure is my password and username?” All it takes are two steps:
- Choose a username that’s simple, easy for you to remember, and doesn’t contain any personal information.
- Opt for a long password comprised of numbers, letters, and special characters. Alternately, a pass phrase comprised of completely random words is both secure and easier to remember.