How to Improve Password Security
Users often don’t bother with password security, believing that “user123” is strong enough. The trouble is that if anything happens, they will most likely blame the store owner. So how do you protect your clients when they do nothing to protect themselves?
Here is a list of tips that may help you.
Make It Longer to Make It Safer
A basic rule of password creation that is always forgotten. Using specialised cracking tools, attackers can try almost every possible 4-character combination, and shorter passwords offer no protection at all.
The point here is simple: the more characters a password has, the harder it is to crack. Most resources allow passwords of no fewer than 6 characters, but you can set the minimum length to as many characters as you wish. The longer, the better.
Change the Default Password
To save clients’ time, some websites require only an email address for registration and give new users ready-made passwords. Though these websites strongly advise customers to change it later, not everyone actually does. Such behaviour may endanger the security of the whole account and lead to users’ private information being stolen.
How do you deal with it? You can gently but persistently remind your users by email to change their password. You can show a large pop-up on their second or third visit recommending that they set a new password. Or you can use your own solution. The main point is to motivate clients to change their passwords.
Set Password Rules for Safety
Length plays an important role in security. However, the right choice of symbols also makes a password harder to steal. In other words, a password that contains more than just lower-case letters is far safer.
There are many ways to vary a password. You can use:
- Upper- and lower-case letters;
- Special symbols like dots and hyphens;
- Spaces, and so on.
Add specific password rules at sign-up and your users can do nothing but create a strong password. Even one special character makes a password harder for an attacker to generate; several of them can make it almost unguessable.
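The length rule and the character-class rules above can be enforced together in one server-side check. The following is an added example written for this article, not code from the original post or from any extension; the policy values (12 characters, 3 of 4 classes) and the sample passwords are constructed for illustration.

```javascript
// Added example (not from the original article): a server-side check that
// enforces a minimum length and a minimum number of character classes.
// Policy values are constructed for illustration; choose your own.
const DEFAULT_POLICY = {
  minLength: 12, // the article's rule: the longer, the better
  minClasses: 3, // how many of the four classes below must appear
};

// Character classes the policy recognises. Anything that is not a letter or a
// digit (dots, hyphens, spaces and so on) counts as a special symbol.
const CHAR_CLASSES = {
  lower: /[a-z]/,
  upper: /[A-Z]/,
  digit: /[0-9]/,
  special: /[^A-Za-z0-9]/,
};

// Names of the classes present in the password, in CHAR_CLASSES order.
function presentClasses(password) {
  return Object.keys(CHAR_CLASSES).filter((name) => CHAR_CLASSES[name].test(password));
}

// Returns a list of violations; an empty list means the password is accepted.
// Length is counted in code points so multi-byte symbols are not miscounted.
function validatePassword(password, policy = DEFAULT_POLICY) {
  const violations = [];
  const length = Array.from(password).length;
  if (length < policy.minLength) {
    violations.push(`must be at least ${policy.minLength} characters (got ${length})`);
  }
  const classes = presentClasses(password);
  if (classes.length < policy.minClasses) {
    violations.push(
      `must mix at least ${policy.minClasses} of lower-case, upper-case, digits and ` +
        `special symbols (got ${classes.length}: ${classes.join(', ') || 'none'})`
    );
  }
  return violations;
}

// Constructed sample inputs, from the article's weak example to an acceptable one.
for (const pw of ['user123', 'longbutonlylowercase', 'Correct horse.Battery-9']) {
  const violations = validatePassword(pw);
  console.log(JSON.stringify(pw), violations.length === 0 ? 'accepted' : violations.join('; '));
}
```

Returning every violation at once, rather than stopping at the first, lets the sign-up form show the user the whole list of what to fix in a single round trip.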
Update Your Password
Another action you can take to improve security is setting a Password Lifetime. This feature makes your clients’ passwords expire after a certain period of time, so they have to update them, which makes a successful guess less likely.
To automate this process, you can use various software tools or extensions for your CMS. For example, our Security Suite for Magento 2, apart from general security improvements, lets you set the Password Lifetime easily. It need not depend only on a period in days: you can also require a password change after a number of successful logins. There are options to choose from.
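Both expiry triggers described above, a number of days and a number of successful logins, can be tracked with two fields on the account record. The code below is an added example, not the Security Suite extension’s code; the limits (90 days, 50 logins), the record shape and the dates are constructed for illustration.

```javascript
// Added example (not from the original article or the Security Suite
// extension): a password-lifetime check that expires a password either after
// a number of days or after a number of successful logins, whichever comes
// first. Policy values are constructed for illustration.
const LIFETIME_POLICY = { maxAgeDays: 90, maxLogins: 50 };

const MS_PER_DAY = 24 * 60 * 60 * 1000;

function daysBetween(earlier, later) {
  return Math.floor((later.getTime() - earlier.getTime()) / MS_PER_DAY);
}

// record: { passwordChangedAt: Date, loginsSinceChange: number }
// Returns whether the password has expired, why, and how much lifetime is
// left so the user can be warned before the forced change.
function passwordStatus(record, now, policy = LIFETIME_POLICY) {
  const ageDays = daysBetween(record.passwordChangedAt, now);
  const reasons = [];
  if (ageDays >= policy.maxAgeDays) {
    reasons.push(`password is ${ageDays} days old (limit ${policy.maxAgeDays})`);
  }
  if (record.loginsSinceChange >= policy.maxLogins) {
    reasons.push(`${record.loginsSinceChange} logins since last change (limit ${policy.maxLogins})`);
  }
  return {
    expired: reasons.length > 0,
    reasons,
    daysLeft: Math.max(0, policy.maxAgeDays - ageDays),
    loginsLeft: Math.max(0, policy.maxLogins - record.loginsSinceChange),
  };
}

// Call after each successful login: bumps the counter and says whether the
// user must be sent to the change-password page before continuing.
function onSuccessfulLogin(record, now, policy = LIFETIME_POLICY) {
  const updated = { ...record, loginsSinceChange: record.loginsSinceChange + 1 };
  return { record: updated, mustChangePassword: passwordStatus(updated, now, policy).expired };
}

// Call after the user sets a new password: restarts both counters.
function onPasswordChanged(record, now) {
  return { ...record, passwordChangedAt: now, loginsSinceChange: 0 };
}

// Constructed walk-through: a password set on 1 January, checked on 1 April.
const account = { passwordChangedAt: new Date('2024-01-01T00:00:00Z'), loginsSinceChange: 12 };
console.log(passwordStatus(account, new Date('2024-04-01T00:00:00Z')));
```

The `daysLeft` and `loginsLeft` values are what the reminder email or banner from the previous section would use, so users hear about the change before they are locked out of checkout.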
Show Password’s Degree of Complexity
A visual indicator shows users how secure a password is far better than lists and tips. Add a colourful scale that displays the password’s reliability level (from red Weak to green Strong) and accompany it with short recommendations on how to improve it.
Thus your clients can see whether their password meets your security requirements and what can be done to make it better. Moreover, a colourful indicator gives your designer scope for imagination.
Why not make your website look better in addition to security improvement?
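A strength indicator needs two things: a score that maps to Weak, Medium or Strong, and the short recommendations that go with it. The following is an added example for this article, not code from the original post; the scoring scheme, thresholds, labels and colours are assumptions chosen for illustration, and any real form must escape user-supplied text before rendering it.

```javascript
// Added example (not from the original article): a strength rating a sign-up
// form can turn into a coloured scale and a list of tips. The scoring scheme
// and thresholds are an assumption chosen for illustration.
const CLASS_HINTS = {
  lower: [/[a-z]/, 'add lower-case letters'],
  upper: [/[A-Z]/, 'add upper-case letters'],
  digit: [/[0-9]/, 'add a digit'],
  special: [/[^A-Za-z0-9]/, 'add a special symbol such as a dot, hyphen or space'],
};
const RECOMMENDED_LENGTH = 12;
const MAX_SCORE = 6; // up to 3 points for length, up to 3 for extra classes

// Returns { score, label, colour, tips }. Length earns a point at 8, 12 and 16
// characters; every character class beyond the first earns one more.
function ratePassword(password) {
  const length = Array.from(password).length;
  let score = 0;
  for (const threshold of [8, 12, 16]) if (length >= threshold) score++;
  const tips = [];
  let classCount = 0;
  for (const [pattern, hint] of Object.values(CLASS_HINTS)) {
    if (pattern.test(password)) classCount++;
    else tips.push(hint);
  }
  score += Math.max(0, classCount - 1);
  if (length < RECOMMENDED_LENGTH) {
    tips.unshift(`use at least ${RECOMMENDED_LENGTH} characters (currently ${length})`);
  }
  const label = score <= 2 ? 'Weak' : score <= 4 ? 'Medium' : 'Strong';
  const colour = { Weak: 'red', Medium: 'orange', Strong: 'green' }[label];
  return { score, label, colour, tips };
}

// Markup for the scale: a <meter> element, the coloured label and the tips,
// ready to place next to the password field. The tips are fixed strings from
// CLASS_HINTS, so nothing user-supplied is inserted into the markup here.
function renderMeter(rating) {
  const items = rating.tips.map((tip) => `<li>${tip}</li>`).join('');
  return (
    `<meter min="0" max="${MAX_SCORE}" value="${rating.score}"></meter> ` +
    `<span style="color:${rating.colour}">${rating.label}</span>` +
    (items ? `<ul>${items}</ul>` : '')
  );
}

// Constructed sample: the article's "user123" rated on the scale.
console.log(renderMeter(ratePassword('user123')));
```

Wire `ratePassword` to the password field’s `input` event and replace the meter markup on every keystroke; because the rating runs in the browser, the password never leaves the page just to be scored.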
Make a Password Blacklist
Users may be so lazy that they use the simplest combination of symbols possible. Since this attitude is quite widespread, statisticians have compiled lists of the most frequent passwords, with entries such as “user1234” and “password”.
Protect users from such an easy account loss by simply adding a notification telling them that this password is a common one and quite likely to be stolen. With this in mind, new users will more likely create something complex.
Password & Login Shouldn’t be the Same
Some users go even further and put their full login, or part of it, into their password. As a login is not information users keep very secret, attackers may need no effort at all to crack such a password.
Don’t let your users fall victim to such laziness: show them a notice that this kind of password is not allowed and they should enter another one. Don’t leave hackers a chance.
Make Password Characters Diverse
Putting a number of different symbols together is not enough to make an account inaccessible. If these characters sit next to each other on the keyboard, as in “123qweasd”, an attacker may not need an algorithm at all: simple prediction of user behaviour will find the password.
That won’t do. Tell your clients that their password lacks diversity if its symbols are adjacent. A small reminder is enough, but if you take it seriously, it is better not to allow such passwords at all.
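The blacklist, the login comparison and the adjacent-symbol rule from the last three sections are all checks on the same sign-up input, so they fit in one function. The code below is an added example written for this article, not code from the original post; the five-entry blacklist excerpt, the keyboard rows, the three-character run length, the four-character login overlap and the sample logins are all constructed for illustration, and a real deployment would load a full published list of common passwords.

```javascript
// Added example (not from the original article): three checks the article
// describes, run together at sign-up. The blacklist excerpt, keyboard rows and
// minimum run length are constructed for illustration; a real deployment loads
// a full published list of common passwords.
const COMMON_PASSWORDS = new Set(['password', 'user1234', '123456', 'qwerty', 'letmein']);

// Reference sequences for "adjacent symbol" detection: US keyboard rows, the
// alphabet and the digits. A piece of the password that appears in one of
// these, forwards or backwards, is a predictable run.
const SEQUENCES = ['qwertyuiop', 'asdfghjkl', 'zxcvbnm', 'abcdefghijklmnopqrstuvwxyz', '0123456789'];

function isRun(piece) {
  const reversed = [...piece].reverse().join('');
  return SEQUENCES.some((seq) => seq.includes(piece) || seq.includes(reversed));
}

// Every distinct run of minRun adjacent characters, e.g. ["123", "qwe", "asd"]
// for the article's "123qweasd".
function findRuns(password, minRun = 3) {
  const p = password.toLowerCase();
  const runs = new Set();
  for (let i = 0; i + minRun <= p.length; i++) {
    const piece = p.slice(i, i + minRun);
    if (isRun(piece)) runs.add(piece);
  }
  return [...runs];
}

// True if any minOverlap-character piece of the login appears in the
// password, ignoring case. Logins shorter than minOverlap are compared whole.
function sharesLogin(password, login, minOverlap = 4) {
  const p = password.toLowerCase();
  const l = login.toLowerCase();
  if (l.length === 0) return false;
  const size = Math.min(minOverlap, l.length);
  for (let i = 0; i + size <= l.length; i++) {
    if (p.includes(l.slice(i, i + size))) return true;
  }
  return false;
}

// Reasons to reject the password; an empty list means all three checks passed.
function rejectReasons(password, login) {
  const reasons = [];
  if (COMMON_PASSWORDS.has(password.toLowerCase())) {
    reasons.push('is on the list of most common passwords');
  }
  if (sharesLogin(password, login)) reasons.push('contains part of your login');
  const runs = findRuns(password);
  if (runs.length > 0) reasons.push(`contains predictable runs: ${runs.join(', ')}`);
  return reasons;
}

// Constructed sample: the article's example checked against a made-up login.
console.log(rejectReasons('123qweasd', 'bob@example.com'));
```

Comparing four-character pieces of the login rather than only the whole address catches the “part of it” case the text mentions, such as a first name lifted from an email address.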
Add Integration with Social Networks
It may sound like odd advice, but integration with social networks may even improve password security. The point is that people keep quite personal information on Facebook and Twitter, so many of them tend to create more complex passwords for those accounts. Take advantage of this and allow your users to log in to your website the way they are used to.
The Don’t Remember Me Function
There is another thing about password storage: not all users want their browsers to keep passwords. Or they may be visiting your website from another person’s device. In both cases, they expect to be logged out automatically with no password stored.
For this purpose, add a “Don’t Remember Me” function, which automatically logs a client out and doesn’t allow the browser to keep the password. It is a useful feature when a client uses a shared device. Moreover, there is no better way to forget a password than using the “Remember the password” function.
Train your users’ memory and improve general security with one simple feature.
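On the server, “Don’t Remember Me” comes down to two decisions: the session cookie gets no lifetime, so the browser drops it when closed, and the session is ended after a short idle period. The code below is an added example for this article, not code from the original post or from any extension; the cookie name, the 30-day and 15-minute limits and the dates are constructed for illustration.

```javascript
// Added example (not from the original article): the server side of a
// "Don't Remember Me" choice. Without "remember me" the session cookie gets no
// Max-Age, so the browser discards it when closed, and the server also ends
// the session after a short idle period. Policy values are constructed.
const SESSION_POLICY = { rememberDays: 30, idleMinutes: 15 };

// Builds the Set-Cookie header value for the session id. HttpOnly keeps
// page scripts away from it, Secure restricts it to HTTPS, SameSite=Lax limits
// cross-site sending. Only a remembered session gets a lifetime.
function sessionCookie(sessionId, rememberMe, policy = SESSION_POLICY) {
  const attrs = [`sid=${encodeURIComponent(sessionId)}`, 'Path=/', 'HttpOnly', 'Secure', 'SameSite=Lax'];
  if (rememberMe) attrs.push(`Max-Age=${policy.rememberDays * 24 * 60 * 60}`);
  return attrs.join('; ');
}

// session: { rememberMe: boolean, createdAt: Date, lastSeenAt: Date }
// A session that opted out of "remember me" ends after idleMinutes without a
// request, so a tab left open on a shared device logs out by itself; a
// remembered one ends rememberDays after it was created.
function sessionIsLive(session, now, policy = SESSION_POLICY) {
  const idleMs = now.getTime() - session.lastSeenAt.getTime();
  const ageMs = now.getTime() - session.createdAt.getTime();
  if (session.rememberMe) return ageMs < policy.rememberDays * 24 * 60 * 60 * 1000;
  return idleMs < policy.idleMinutes * 60 * 1000;
}

// Attributes for the password field. autocomplete="off" asks the browser not
// to offer to save the password; most current browsers ignore that hint for
// password managers, so the cookie and idle timeout above do the real work.
function passwordFieldAttributes(rememberMe) {
  return { type: 'password', autocomplete: rememberMe ? 'current-password' : 'off' };
}

// Constructed sample: the two cookie variants side by side.
console.log(sessionCookie('session-id-here', false));
console.log(sessionCookie('session-id-here', true));
```

The idle timeout is what actually protects a client who walks away from a shared device without logging out; the missing `Max-Age` only helps once the browser window is closed.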
Mind Your Security
Actually, there will be little benefit from improving your clients’ password security if you don’t pay enough attention to your own. All the rules mentioned above apply to your password as well, so think about security improvements on your own part.
Set a long and complicated password with lots of lower- and upper-case symbols, and your admin panel will be much harder to hack. If you are not sure whether your new password is strong enough, use a dedicated tool, such as the website https://howsecureismypassword.net.
The name is quite self-explanatory. And don’t keep your password written down anywhere, such as on a post-it note on your screen! One fleeting glance is enough to ruin your store.
Though you can’t get into your customers’ heads and make them create a stronger password, you can do your best to recommend how to do so. One way or another, they will contribute to their own security and won’t easily hand their personal information to hackers.