Web

How to choose a good password for your website

Some of the following tips were invented at the same time as passwords, but we still don’t follow them.

Thinking up a password for our website using mnemonic rules may seem useful, but it is actually the worst thing we can do.

And it is not the worst thing we can do to protect our websites, but it can also be applied to anything that is password-protected. Banks are sick and tired of telling us not to use our birth year as a PIN on our card, just as it should not be used as a PIN on our phone. It is to avoid the mnemonic temptation that many websites require a password with a minimum of 8 characters and containing both numbers and letters when you register with them.


What are the bits of a password

The security of a password is measured in bits, the more bits the greater the number of possible combinations a password can have.

The number of bit combinations of a password is expressed as 2n, where “n” is the number of bits in the password.

The bits are represented by 0 and 1, which means that if a password has 4 bits (24) it has 4 possible combinations: 00, 01, 10, 11.

A 3-bit password (23) has 8 possible combinations: 000, 001, 011, 111, 100, 110, 111, 101.

For example, a credit card PIN can have 10,000 combinations (from 0000 to 9999) or (2*5)4 combinations.

How many combinations does each of the bits mean?

  • 3 bits have 8 possible combinations
  • 4 bits have 16 possible combinations
  • 5 bits have 32 possible combinations
  • 6 bits have 64 possible combinations
  • 7 bits have 128 possible combinations
  • 8 bits have 256 possible combinations
  • 9 bits have 512 possible combinations
  • 10 bits have 1024 possible combinations
  • 20 bits have 1 million possible combinations
  • 30 bits have 1,000 million possible combinations

As we can see in the list above, every time we add a bit to a password, the number of possible combinations that password is doubled.

1 billion possible combinations (30 bits) sounds like a lot, but it is actually very few. Nowadays, a 50-bit password (1,125,899,906,842,624 combinations) can be broken in a few minutes with an ordinary home computer or smartphone.


Tips for choosing a good password

Can’t think of a way to generate a good password for your websites?

Use a password that is at least 20 characters long, using numbers, uppercase letters, lowercase letters and special symbols at the same time.

Also pay attention to the following tips:

  1. Do not use the same password for several websites
  2. Do not use the names of your family, friends or pets in your passwords
  3. Do not use postcodes, numbers or street names, telephone numbers, dates of birth, ID numbers, etc. in your passwords.
  4. Do not use any dictionary words in your passwords.
    • Examples of good passwords:
      • ePYHc~dS)8$+V-‘
      • qzRtC{6rXN3N\R
      • gL zbfUMZPE6`
      • FC%)sZ fUyMU
      • E5&7+ZPE6“
    • Examples of bad passwords:
      • qwert12345
      • OWPQJME
      • 1234567890
      • 987654321
      • hellohowareyou
  5. Don’t use two or more similar passwords whose characters are mostly the same, because if someone gets one of these passwords it means that technically they have got them all. For example:
    • iloverosesWordPressBlog
    • iloverosesWordPressShop

The more complex, random and longer a password is, the better.


How to generate a good password?

cómo elegir una contraseña de wordpress segura

You can do it in different ways, although the manual way is still the most recommended:

  • Manually combining lowercase and uppercase letters, numbers and special symbols randomly until you have a password of at least 16-20 characters in length.
  • Using online password generation tools such as passwordsgenerator.net (I change the order of the characters or add more than those generated by the tool).
  • Using the WordPress password generator, which also tells you the strength of the password you enter. Here’s how to generate a good password using WordPress.

Generate a good password using WordPress

You can generate and change WordPress passwords quickly and easily, and the tool itself tells you the strength of the password you are entering.

If you enter a weak password, WordPress will ask you to confirm (at your own risk) that you want to use a weak password.

Below you will see how to change a password in WordPress easily and how the password strength indicator changes as you improve your password.

Change a password through WordPress’ dashboard
Go to Users > Your profile
Click on “Generate Password”
Password too weak. WordPress asks you to confirm using a weak password
Still weak
Medium password
Strong password

How do you store so many different and complex passwords securely?

It’s all very well having secure and different passwords for all our websites, but it’s impossible to remember them all by heart. So how can you store so many secure passwords, in one safe place?

I use KeePass.info, not only for my websites but for all the online sites I am registered on.

KeePass is a free open source password manager for Windows and Mac and also has Apps for iOS and Android.

captura de pantalla de keepass para guardar contraseñas

Passwords are stored in an encrypted database, which can only be unlocked with a master password (which you will need to remember).

In addition, to have all my passwords available anywhere I have the database synchronised in my Google Drive account and can access it via my laptop or via the KeePass App.

Synchronise KeePass with your Google Drive account

To synchronise KeePass with your Google Drive account (and be able to access the database with your passwords from anywhere and from any device) you must download and install the KPGoogleSync extension and configure it correctly using this tutorial:


Bibliography and more information about cryptography and the importance of using strong passwords:

What are the encrypting bits

What is the bit, size and length of a password