The Importance of Using a Strong Username & Strong Password
Joomla uses usernames and passwords. It is crucial that you create a strong username and a strong password when creating a user account on your site, to protect your Joomla website.
Any Joomla website that employs usernames and passwords must be administered with dedicated attention to ensuring that good security practices are followed by all users. If you as site administrator or your users are careless about how they choose usernames and passwords or store credentials, then a "hacker" or a "botnet" may find it relatively easy to break your site's security.
You should develop methods and provide information to the (potential) user of your site for the selection of usernames and passwords so registration results in strong and unguessable username/password combinations which are difficult to break.
Would you believe that the most used password in the world (and on Facebook) is actually (YES!) 'password', followed by '123456', '12345678', 'abc123' and 'qwerty'? (Source: Splashdata)
Hilarious, isn't it? Uhhhh... Are you actually still using the Super Admin name 'admin' or 'admin123'? Ouch... You know that most bots search for Joomla sites where the super admin username starts with something like 'admin' and, when they find one, bombard the administrator login with hundreds of thousands of passwords? Result in 99% of the cases: hacked!
So it is essential that you create a good username.
How do you create a good username?
Let me give you an example:
Choose usernames and passwords that use uppercase letters, numerals, and lowercase letters and symbols in non-obvious arrangements.
My name, for instance, is Leonard. Obviously that is a bad username, since hackers will use names and/or name combinations to discover the username.
So I choose the name Leon, which is easy to remember but still easy to discover since it is plain and only 5 characters. So we modify it in a way that is still easy to remember: 'l_3.0n', which is a good reproduction and an easy-to-remember username but difficult to guess (e = 3 and o = 0, add 2 symbols and we are done!)
Now the more important one is the password! What is a good password?
Rule 1 – Password Length: Stick with passwords that are at least 15 characters in length. The more characters the better, since longer passwords are more difficult to crack. (By the way, 20 characters is the maximum in cPanel, for instance.)
Rule 2 – Password Complexity: Use a combination of
- Upper case letters
- Lower case letters
A very good password generator will help you create a good password. However, such a password is probably difficult to remember, so another way of generating a password that you will easily remember is to take a familiar sentence and translate it into your very own, easy-to-remember password. Here is my example phrase:
"I am married and have two daughters of fourteen and twenty one years old".
Now I keep only the first letter of each word, scratch the rest and I have a possible password: "Iamahtdofatoyo".
This still needs a little modification to make it super strong while I am still able to remember it. Looking at the characters, we get: 'iaM+h2do4t&t1yo'.
Now THAT is super strong, and even I can remember that!
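The username and password rules above, written as a check that could run when a user registers. This is an added example, not code from this article or from Joomla; the function names, the real_names parameter and the use of string.punctuation as the symbol set are assumptions.

```python
import string

# The five most-used passwords named in the article (source: Splashdata).
COMMON_PASSWORDS = {"password", "123456", "12345678", "abc123", "qwerty"}
MIN_PASSWORD_LENGTH = 15  # Rule 1 in the article


def first_letters(sentence):
    """Reduce a memorable sentence to the first letter of each word."""
    return "".join(word[0] for word in sentence.split())


def check_credentials(username, password, real_names=()):
    """Return a list of rule violations; an empty list means accepted.

    real_names is a hypothetical parameter: names the account owner is
    known by, which the article says are too easy to guess as usernames.
    """
    problems = []
    user = username.lower()
    if user.startswith("admin"):
        problems.append("username starts with 'admin'")
    if any(user == name.lower() for name in real_names):
        problems.append("username is a plain real name")
    if password.lower() in COMMON_PASSWORDS:
        problems.append("password is on the most-used list")
    if len(password) < MIN_PASSWORD_LENGTH:
        problems.append("password shorter than 15 characters")
    # Character classes the article asks for (assumed symbol set:
    # ASCII punctuation).
    classes = {
        "upper case letter": any(c.isupper() for c in password),
        "lower case letter": any(c.islower() for c in password),
        "numeral": any(c.isdigit() for c in password),
        "symbol": any(c in string.punctuation for c in password),
    }
    for name, present in classes.items():
        if not present:
            problems.append("password has no " + name)
    return problems


if __name__ == "__main__":
    # Inputs taken from the article's own examples.
    names = ("Leonard", "Leon")
    print(check_credentials("admin123", "password"))
    print(check_credentials("Leon", "Iamahtdofatoyo", names))
    print(check_credentials("l_3.0n", "iaM+h2do4t&t1yo", names))
```
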
Now that we have strong usernames and strong passwords, it is time to spend some time on how to practice good password security in daily life:
Recognize this? Do something about it now!