RoboForm is one of the world’s leading password management software programs. It is simple to install, easy to use, lets you fill login usernames and passwords (and forms) automatically, and works on all devices (PCs, laptops, mobile devices, etc.), all browsers and across all platforms.
Imagine having to memorize different logins and passwords for hundreds of accounts. RoboForm helps you manage multiple passwords easily and access all of your logins with a single click from your desktop PC, laptop or mobile device …
(RoboForm lets you easily manage logins for hundreds of online accounts)
RoboForm also lets you print and save your stored details and synchronize logins between your computer or laptop and mobile device …
(Use RoboForm to login from mobile devices)
RoboForm includes a number of handy features, including a password tool for generating and storing secure passwords …
(RoboForm password generator)
RoboForm is continually updated, secured with military-grade AES 256 encryption, and provides excellent user support.
In this tutorial, we look at basic security practices that contribute to overall web security, like password security.
This tutorial is part of our tutorial series on WordPress Security. In this tutorial, we look at how improving basic security practices like password security can contribute to your overall web security.
One of the most common methods used by hackers to crack into websites, computers, servers, etc. is to run brute-force attack software persistently on login areas, looking for weak password combinations.
Many potential vulnerabilities can be avoided with good security habits. Using strong passwords is one of the first and most important security habits you can develop.
A strong password is not only necessary to protect your website, but your entire online presence. A hacker who gains access to your computer administrator account is able to install malicious scripts that can potentially compromise your entire server.
Creating A Strong Password
The goal with creating strong passwords is to make it hard for other people to guess them and hard for a brute force attack to succeed.
Strong Password Foundations
To create a strong password, keep the following in mind:
Avoid any permutation of your own real name, username, company name, or name of your website. You also should avoid choosing a simple password like your child’s name or your pet’s name.
Avoid using words from a dictionary, in any language.
Don’t use short passwords. Make your passwords long (over 8 characters) whenever possible. The longer the password you have, the stronger it is. 8 – 12 character passwords are ideal. See the ‘Password-Permutation’ section below for more details.
Avoid using numeric-only or alphabetic-only password. A mixture of both is best. Use a combination of uppercase, lowercase, numbers and non-alphanumeric characters. Non-alphanumeric characters are symbols like: $, #, [, %,^,&,}, ~, /, *, @, etc…
Even though you have probably heard this a million times before, it is worth repeating it again: Don’t use the same password for all your websites and logins.
Elaborate, strong passwords are not going to be easy to remember. Consider using a password management tool (see below).
Strong Password Generators
Many password generators are available that can be used to automatically create secure passwords.
You can find free secure password generators online …
WordPress also features a password strength meter which is shown when changing your password in WordPress. Use this feature when changing your password to ensure the strength of your password is adequate …
In password security terms, ‘permutation’ refers to the number of possible combinations of characters, numbers, symbols, etc. that it would take for someone to decode a password.
For example, if you have a 3-character password using only the numbers 1, 2, and 3 and they are allowed to repeat, then there are 27 possible password permutations, as shown below:
The permutation formula for a 3-character password where the password characters are allowed to repeat is as follows:
If your password is only three characters long, and you use all 26 characters from the English alphabet, then the number of permutations required to decode your password are as follows:
Any hacker using a brute-force attack software and a computer with minimal processing power can crack the above password in no time.
Adding just one more character to your password, however, can increase the magnitude and complexity of your password to a level that would make it significantly more difficult for hackers to crack, as shown below …
As you can see, increasing your password length by just one character makes it significantly more difficult to crack.
An 8-character password that uses all 26 letters of the English alphabet plus 10 numbers (0 – 9) creates the following number of possible combinations …
When you add in a combination of uppercase and lowercase letters, plus non-alphanumeric characters (e.g. $, #, [, %,^,&,}, ~, /, *, @, etc.) to a case-sensitive password, then you can see just how significantly increased the magnitude of your password security will be.
Make sure to implement strong password security measures for all of your online access points. This includes:
Additionally, make sure to research and implement or review the following security measures in your specific setup …
Email Password Security
FTP Password Security
Web Server / Web Hosting Security
Hopefully, the above will help you understand how improving basic security practices like password security can contribute to your overall web security and why using strong passwords for your online assets makes it harder for hackers to crack your passwords and breach your security measures.
"These tutorials have so much information and are easy to understand. If you use WordPress or plan to in the future these will help you with everything you need to know." - Valisa (Mesa, Arizona)
If you only use one password for everything and someone gets hold of this password, then you will have a huge problem on your hands, as that person will be able to access all of your online accounts.
Having a solid password security system in place requires not only creating strong passwords but also using different passwords for separate locations.
Trying to remember lots of different passwords for different places, however, can quickly become a nightmare, especially if you have multiple logins to keep track of (e.g. websites, email accounts, online banking, subscription and membership sites, forums, social media accounts, etc.), and you don’t have a way to keep all of your different passwords organized and easily accessible (whilst also making your passwords difficult for others to access).
Fortunately, there are software programs that can help you manage your passwords and do things with passwords that would be almost impossible to keep track of if you didn’t use a password manager.
Password managers are programs that help you manage all of your passwords (keeping these secure using one main password), save you time, help you stay organized, and of course, help keep all of your logins and valuable data safe.
Typically, with a password management program, one master password gets you into the “vault” section of the software where all of your other passwords are stored. Once a password has been properly stored, you can just navigate to the site that requires your password, click on a button and the login credentials will be auto-entered, granting you access to the site. You can find great password management programs for free or purchase these at minimal cost.
Browser-Based Password Managers
Browser-based password managers let you save, change, and delete passwords from your web browser. Web browsers like Firefox and GoogleChrome let you store passwords when you fill in a login form in a website and automatically log you back in when you revisit the site.
For example, here is the Firefox browser Password Manager …
If you choose to use a separate password manager program (see below), or do not want to be asked to save passwords every time you log into a new site, you can enable/disable the password-saving feature in your browser.
To disable the password manager in your Firefox browser, go to your Firefox menu and select ‘Options’ …
Click on the Options > Security tab and adjust your password preferences, set a master password, edit your stored passwords, etc. in the ‘Passwords’ section, then click ‘OK’ to update your settings …
In Google Chrome, you can access the password management feature by clicking on the ‘Control’ button, selecting the ‘Settings’ menu, then clicking on the ‘Advanced Settings’ link and scrolling down the page until you get to the ‘Passwords and Forms’ section …
In the case of a browser-based password manager like Firefox, even though the Password Manager stores your usernames and passwords on your hard drive in an encrypted format, someone with access to your computer can still see or use them. It is recommended, therefore that you use a Master Password to protect stored logins and passwords. This will help to keep your passwords protected should your computer get lost or stolen.
Software-Based Password Managers
Below are some of the most trusted and widely-used password management solutions available:
RoboForm is one of the world’s leading password management software programs. It is simple to install, easy to use, lets you fill login usernames and passwords (and forms) automatically and works on all devices (PCs, laptops, mobile devices, etc.), all browsers and across all platforms …
RoboForm adds a toolbar to your browser, giving you easy and secure access to all your passwords and website logins, automatic filling in of web form with one click, the ability to save notes and bookmarks, search the internet, generate new passwords and more …
The RoboForm Logins menu helps you organize, edit and display all your stored usernames and passwords on one screen, and print a list of all your stored information. You can even have RoboForm go to a website, fill in your username and password, and click the submit button of forms automatically …
The Options menu allows you to completely customize RoboForm. Security settings, languages used, user data, as well as the look and feel of the toolbar can all be changed to meet your own personal preferences …
RoboForm is also continually updated, it’s secured with military-grade AES 256 encryption, and provides excellent user support.
To learn more about RoboForm, visit the site below:
KeePass is a free portable password manager for PC (Windows, Linux, Mac OS X), with ports available for Android, iPhone, iPad, and more. KeePass keeps every username and password pair in an encrypted database, protected by a single master password or key (the only one you have to remember). It doesn’t store your database in the cloud unless you upload it there.