Physical & Host Security

What are your thoughts about password management? Do you or do you not agree with having rules around passwords, i.e. requiring the use of special characters, having passwords of a minimum/maximum length, requiring passwords to be changed on a regular basis, etc.? What do you think is the single most important password "rule" requirement?

I have been preaching the importance of password management for years to my freelance web development clients. For example, a standard WordPress site has various passwords to manage that include:

  • Hosting Company
  • FTP access
  • WordPress Admin
  • PhpMyAdmin

I have had clients that used insecure passwords for any or all of these and they have regretted it because a malicious actor was able to gain access to their site and delete files, install malware, and generally cause havoc. It may be good for my bottom line when I am called in to fix issues, but a lot of hard work in restoration could have been avoided by using strong passwords, utilizing two-factor authentication, and limiting login attempts.

Because today’s user has multiple accounts, I always recommend to my clients to use a password manager, like LastPass or 1Password. My number 1 rule: Never use the same password twice. I could be tied to a chair and would not be able to tell you my own Gmail password because it was autogenerated and saved to my password manager. It is 16 characters of upper and lowercase letters, numbers, and symbols. And I change it every few months on an unreliable schedule. I may change it tonight just because!

Sometimes, I feel like the Cassandra of passwords. I advise but do they listen?
