Resource: https://ithemes.com/blog/wordpress-login-security/
Unfortunately, it doesn’t require very much skill to create a bot to scan the internet and commit brute force attacks; any beginner-level hacker can create one. Login security is crucial to secure your website.
Below are some simple rules, based on security best practices, that help you avoid common user login mistakes.
Time needed to crack a password, by length:
– 7 characters will take 0.29 milliseconds
– 8 characters will take 5 hours
– 9 characters will take 5 days
– 10 characters will take 4 months
– 11 characters will take 1 decade
– 12 characters will take 2 centuries
Adding just a single character can significantly increase the security of your account.
A password that is at least 12 characters long, random, and drawn from a large pool of characters, like “ISt8XXa!28X3”, will be very difficult to crack.
Unfortunately, some hackers are leveraging GPUs and stronger CPUs to decrease the amount of time needed to crack passwords. So to strengthen your logins, also be mindful of your password entropy. The higher the password entropy is, the more difficult the password will be to crack.
For example, based on the length requirement alone, a password like “abcdefghijkl” is 12 characters, which is great and should take 200 years to crack. However, because it is a sequential string of letters, it is much more predictable than a password like “rfybolaawtpm”, which has randomized characters.
Randomizing characters decreases the predictability and increases the strength of the password. But both of these passwords have one thing in common that ultimately reduces their entropy: both use only lower-case letters, limiting the pool of possible characters to 26. That’s why it’s vital to include alphanumeric, upper-case letters, and common ASCII characters, which increases the pool of characters an attacker has to search to 92.
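An added example (not from the original article) that estimates entropy for the three passwords above as length × log2(pool size), then discounts characters that only continue a sequential or repeated run. The pool figures 26 and 92 are the article's; the 30-symbol count and the run discount are assumptions made for illustration.

```python
import math
import string

# Pool sizes: 26 and the total of 92 come from the article; splitting the
# remainder as 26 upper + 10 digits + 30 symbols is an assumption.
CLASSES = [(string.ascii_lowercase, 26), (string.ascii_uppercase, 26),
           (string.digits, 10)]
SYMBOLS = 30


def pool_size(pw):
    """Size of the character pool an attacker must search for this password."""
    size = sum(n for chars, n in CLASSES if any(c in chars for c in pw))
    known = "".join(chars for chars, _ in CLASSES)
    if any(c not in known for c in pw):
        size += SYMBOLS
    return size


def predictable_chars(pw, min_run=3):
    """Count characters that only continue a run such as abc, cba or aaa."""
    wasted, i = 0, 0
    while i < len(pw) - 1:
        step = ord(pw[i + 1]) - ord(pw[i])
        j = i + 1
        while step in (-1, 0, 1) and j + 1 < len(pw) \
                and ord(pw[j + 1]) - ord(pw[j]) == step:
            j += 1
        run = j - i + 1
        if run >= min_run:
            wasted += run - 1      # only the first character is a free choice
            i = j                  # the next run may start on this character
        else:
            i += 1
    return wasted


def entropy_bits(pw):
    """Return (naive, discounted) entropy estimates in bits (illustrative model)."""
    if not pw:
        return 0.0, 0.0
    per_char = math.log2(pool_size(pw))
    naive = len(pw) * per_char
    return naive, (len(pw) - predictable_chars(pw)) * per_char


if __name__ == "__main__":
    for pw in ("abcdefghijkl", "rfybolaawtpm", "ISt8XXa!28X3"):
        naive, discounted = entropy_bits(pw)
        print(f"{pw}: pool={pool_size(pw)} naive={naive:.1f} discounted={discounted:.1f}")
```

The two lower-case passwords share the same naive estimate because they have the same length and pool; only the discounted figure separates the sequential one from the randomized one.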
To access each and every one of my clients’ accounts, including their website login and their server access login, I use unique passwords that are 20-25 characters in length and include numbers, characters (caps and non-caps) as well as symbols. These are updated every six months as an extra precaution.
I also use very secure and sophisticated security software that allows me to ban and block hackers trying to get access. Watching the number of daily attempts on any given account is somewhat daunting but a good reminder of how important it is to invest the time and money in good account security!