WordPress Passwords and 2 step Authentication

Posted by & filed under Plugins & Extensions.

In today’s connected world everyone should be aware of online security. Usually the weakest point in our online security is our password. WordPress is secure: it gets regular security updates and its developers go to great lengths to keep your content safe, but frankly it’s all a big waste of time if someone can find or guess your password.

Having your site defaced or deleted, or having new posts added to it by someone else, is every website owner’s worst nightmare.

Strong or Long

Many people believe creating a complex password is the best way to keep you safe. A strong password that is unique and hard to crack should be enough to keep the bad guys away, right? It isn’t. Password cracking tools and techniques have developed fast, really fast. Take a look at this article about GPUs cracking passwords. This computer can attempt 350 billion passwords a second; that’s enough to brute force every eight-character password containing upper-case, lower-case, digits, and special characters in under 6 hours.

So, we need complexity to stop people just guessing your password, but complexity alone isn’t enough. The length of the password is arguably more important. That’s where pass-phrases come in. A pass-phrase can be just a random selection of words, easier to remember than a complex password and more difficult for dictionary or brute force attacks.

telephone bottle cricket luxemburg

31 characters, not easy to guess! Remember the length of a password is one of the most important factors in how strong it is.
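The arithmetic behind the six-hour figure and the pass-phrase comparison, as an added example that is not part of the original post. It assumes 95 printable ASCII characters for the complex password and a 7,776-word list (the size of a Diceware list) for pass-phrases; the guess rate is the one quoted above.

```python
# Added example: worst-case exhaustive-search time at the rate quoted in the post.
# Assumptions (not from the post): a 95-character printable ASCII alphabet and
# a 7776-word list from which pass-phrase words are drawn at random.

GUESSES_PER_SECOND = 350e9   # rate quoted in the post
PRINTABLE_ASCII = 95         # upper + lower + digits + symbols + space
WORDLIST_SIZE = 7776         # assumed word list size (Diceware-sized)


def keyspace(symbols: int, length: int) -> int:
    """Candidates when each of `length` positions has `symbols` choices."""
    if symbols < 1 or length < 1:
        raise ValueError("symbols and length must be positive")
    return symbols ** length


def seconds_to_exhaust(candidates: int, rate: float = GUESSES_PER_SECOND) -> float:
    """Worst-case time to try every candidate at `rate` guesses per second."""
    return candidates / rate


def humanize(seconds: float) -> str:
    """Render a duration in the largest sensible unit."""
    for unit, size in (("years", 31_557_600), ("days", 86_400), ("hours", 3_600)):
        if seconds >= size:
            return f"{seconds / size:,.1f} {unit}"
    return f"{seconds:,.1f} seconds"


def report() -> dict:
    """Worst-case search time in seconds for the cases discussed in the post."""
    cases = {
        "8 random printable characters": keyspace(PRINTABLE_ASCII, 8),
        "31 lowercase letters, guessed letter by letter": keyspace(26, 31),
    }
    for words in (4, 5, 6):
        name = f"{words} random words, guessed word by word"
        cases[name] = keyspace(WORDLIST_SIZE, words)
    return {name: seconds_to_exhaust(n) for name, n in cases.items()}


if __name__ == "__main__":
    for name, secs in report().items():
        print(f"{name:48s} {humanize(secs)}")
```

Guessed letter by letter, the 31-letter phrase is far out of reach, but a guesser working word by word from a known list treats each word as a single symbol, so four words land in the same range as the eight-character password. Each extra random word multiplies the work by the size of the list, which is why the number of words matters more than the character count.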

Password manager

A password manager is a great way to keep you safe, better than a complex password or a pass-phrase. This is because allowing a password manager to create a password for you means it will be complex and long, very long. You don’t have to remember it either. The only password you will ever need again is the one for the password manager itself.

I’m a big fan of LastPass – (free/commercial, closed-source software)
Using LastPass and the Chrome extension (there are extensions for Firefox, Safari etc.) or the installed program makes logging in to multiple websites easy. As I’ve already mentioned, it’s more secure than using a long or complex password. LastPass passwords are stored in an encrypted database using AES 256-bit encryption with routinely-increased PBKDF2 iterations. That’s geek speak for very strong protection.



LastPass is free when using a desktop or laptop but will cost you a bit of cash if you want to utilise the mobile app (Android & iOS). There are also enterprise versions available if you decide to implement it in a business environment.
There are plenty of other password managing tools out there so if you aren’t using one yet then go and check them out.

2 Step Authentication

Hopefully by now you’ve read enough to realise that the password you are using is probably not good enough and you have started to seriously look at implementing at a minimum long passwords or a password manager. Well you can always implement 2 step authentication! It’s not hard to implement and can add that extra layer of security that will help you sleep at night.

WordPress offers 2 step authentication (they call it two-factor authentication) via the Google Authenticator application on your mobile phone. It’s relatively simple to set up; just make sure you read through the step by step guide. The mobile phone authentication app is easy to use, and once it is set up and working you can be safe in the knowledge that your site is super secure. 2 step verification can help keep bad guys out, even if they have your password.

Take a look at Google’s 2 step authentication here

