Obvious login name? Be careful!

Is your user name or parts of your domain name being used to attempt hacks to your site?

password123Maybe it’s not just a good password that matters

You’ve certainly been hearing everywhere about the need for strong passwords.

According to RandomPassword.com, “password” is most common password. Their list of the top 10,000 most common passwords is pretty interesting reading. “Dragon” is number 7 above “baseball” and “football” at numbers 9 and 10! (Go figure THAT!?)

I like using four random words — that I could speak — substituting some other characters and capitals. But some sites remind us that you have to use a different password on each site.

There are strong password generators included with password manager services like lastpass.com, which helps you keep track of all those dots and dashes and numbers etc. (It’s a great service. I pay the $12 a year to help make sure that it doesn’t just go away!)

But  my new worry is highlighted by this fact: The WordPress plugin Wordfence just alerted me to several locked-out users trying to gain access to a website that I manage.

The attempted user names were NOT “admin” which is a common choice. The default login for the first user of a WordPress site used to be “admin.”  It might still be, but DON’T USE IT!

The new threat here was pieces of the words included in the domain name.

If the website domain name were, for example, dotsanddashes.com, some baddie might be looking for “dots” or “dashes” as a login name.

It also gives pause to using your first name as a login when you also show that as the author’s name on pages or posts.

So if you must use your name, be doubly sure that your passwords are unique!

Author: Kerch McConlogue

Harrisburg, PA: A WordPress front end web developer who speaks plain-English to nonGeeks

Leave a Reply

Your email address will not be published. Required fields are marked *