Social Media, SEO
& Your Business

by Mitch Mitchell

Using Your Website
As A Marketing Tool

by Mitch Mitchell


Follow Me On Twitter;
Click The Bird!

Add me on Google Plus!

Embrace The Lead
by T. T. Mitchell


Free Download; right-click on book

Leadership Is/Isn't Easy
by T. T. Mitchell


Why Are We So Lazy With Our Passwords

Posted by on Sep 14, 2015

By now, almost everyone should have heard about the hacking of the adult cheating site Ashley Madison. Because the hackers decided to release all the information online (actually, I have no idea where they released it because I didn’t care), it’s caused a lot of grief and scandal and a few suicides; come on now, really?

Linux password file
Creative Commons License Christiaan Colen via Compfight

As stupid as it is to join a site like that in today’s world, especially once we hear of all the website and corporations that have been hacked, what seems to be even more stupid are the most common passwords used on the site. Those passwords are: 123456, 12345, password, DEFAULT, 123456789. According to Gizmodo, the only bad password not listed in the top 25 of 2014 was ‘DEFAULT’. The password ‘123456789’ was in 6th place on their list; the other two in the top 5 were ‘qwerty‘ and ‘12345678‘.

Good grief; no wonder so many people seem to get hacked so easily. I mean, I know right now it’s very difficult to stop people who really want to get into your accounts but why make it too easy for them?

Now, I’m not going to act like I’m totally perfect; at least not in the beginning. I never used any of the passwords listed above (thank goodness I wasn’t quite that dumb), but I wasn’t above having very short passwords initially, as well as common names of things that might have been easy to figure out. Then again, back in the day there weren’t as many people hacking into accounts and there weren’t as many sites so we could get away with it.

What made me start changing up my passwords was having my business email account hacked. I never thought about it all that much until I was getting bombarded with email… from myself! lol I’d set up the email account in 2002 and given it a fairly easy password. However, I’d also started using a script on my site that I found online which turned out not to be all that secure.

Thus, I knew a lot of emails were going out in my name, which was painful enough, even after I removed the script. For a few years everything dwindled down and I thought I had it all fixed… until it started up again, this time way more intense than before. It took my hosting company to finally contact me and tell me they believed my account had been hacked for me to realize how stupid I was and to change up all my passwords, making them tougher & harder to break.

On one level that’s perfect; on another… well, I’m betting many of you know the other side. We create tough passwords but if we have a lot of things to get into it makes them difficult to remember. As I sit here right now I know that I only know the username and password for 3 of my 5 blogs, and for maybe 3 or 4 other websites I participate with in some way; that’s it. I’ll admit that I have a file on my computer that has all that information, and for many others I use Keeper, which is on my smartphone and mainly keeps passwords for wifi spots in restaurants I visit often.

We all need to either create very strong passwords or change our passwords at least every 90 days. Some IT authorities believe we should change them every 30 days, and many of you who work in corporate know that’s what you end up having to do.

However, even this might not be enough to keep you from having a bit of grief. I know this because last night I went to GoDaddy to update my subscription for this blog and, even though I’d changed my password a few months ago, I was blocked because apparently there’s someone out there trying to get into my account… probably not me personally but using software trying to get into multiple accounts. Luckily GoDaddy shuts it down after so many attempts, but it seems that changing my password does no good because you can’t change your account number without canceling your account and starting again; nope, I’m not doing that.

Since we can’t attain perfection across the board I warn you to do something to protect your interests. For me, I’d gone with harder passwords so I don’t have to constantly change them. When it comes to your blog, many of you might have missed my post about Limit Login Attempts since I wrote it in 2009, or my post on the Top 10 WordPress Plugin Recommendations I wrote here in May, which includes the one above and a couple others that will help you protect your blog.

Be smart with your passwords and usernames; protect yourself.

Digiprove sealCopyright secured by Digiprove © 2015 Mitch Mitchell
Share on Google+0Share on LinkedIn4Tweet about this on Twitter10Share on Facebook0

Tags: , ,


I got a notice from my web host saying several of my sites had been hacked and I had 24 hours to remove the malicious code or they were shutting them down. To paraphrase, they wrote, “Oh, and by the way, there is a lot of bad code and accidentally removing something you should not could break your whole site. Good luck. Oh, by the way, you can buy/subscribe to this company we partner with and they will fix your malware infected sites. 24 hours. Get on it!”
(My rant on mafia extortion tactics removed for brevity…)
So one thing everyone kept saying was update your WordPress plugins and CHANGE ALL OF YOUR PASSWORDS.
So that has gotten me to thinking and one thing I came up with is along the lines on what you said Mitch about having a file on your computer with your passwords. BUT… what if you do not have your computer with you? What if you are on your tablet or smartphone and need a password for something? So what I am working on is an Excel spreadsheet with all my passwords in a password protected file that I keep in DropBox. This way all my passwords are with me as long as I have Internet access.
Troy Swezey recently posted…#834 Penny farthing bicycle is head and shoulders above the restMy Profile

September 14th, 2015 | 3:25 PM

Troy, didn’t you see that link I put in for Keeper? I use that on my smartphone. I also have a larger file that I keep in Dropbox for now, although I have to admit that with all the hacks that one scares me a little bit.

I’m having an issue with code on my oldest blog as well. Trying to upgrade it to PHP 5.4 but it won’t take for some reason. The host can’t help me; irritating and frustrating but I trust me to figure it out some day.

September 14th, 2015 | 4:22 PM

Yes I saw KEEPER but did not click through to research what exactly it is.
Today is my day off and my main missions are to look for a job and post pictures of some of my work on my Facebook page as well as update LinkedIn etc. All those things people do when they find themselves without a job. :/
“Every new beginning comes from some other beginning’s end.”
Anyway, glad you have your password issue under control.
Troy Swezey recently posted…#837 Giant chess gives me a giant sized smileโ€ฆMy Profile

September 14th, 2015 | 4:46 PM

Uhhh… you’re looking for a job? You just kind of casually slipped that one in; what’s up?

September 14th, 2015 | 4:59 PM

The bakery I worked for was sold and the new owners say that want me but I am not gonna wait around to find out. Gotta be proactive. There are some good leads out there for someone like me so…
Check out the Treats By Troy album on my Facebook. More pics being added almost daily. LOL!
Troy Swezey recently posted…#843 The old time style microphone brings music to my earsMy Profile

September 14th, 2015 | 6:37 PM

Do you thing my man! ๐Ÿ™‚

September 14th, 2015 | 8:23 PM

By the way, you don’t come up under a Facebook search; how the heck have we not connected on Facebook before now?

September 14th, 2015 | 8:24 PM
Purushottam Thakur:

The most basic security measure you can use to guard against this is to have multiple passwords for your different online accounts โ€“ whether they are for personal or business use. And donโ€™t just think of easy passwords, like your birthday or wedding anniversary โ€“ these are usually the first thing hackers try. The best passwords are alphanumeric โ€“ composed of both letters and numbers so that itโ€™s harder to crack.
Purushottam Thakur recently posted…Why And Why Not Need An Antivirus Application In Our Android Phone or Tablet?My Profile

September 15th, 2015 | 6:20 AM

That’s true Purushottam (is there a shorter name I can call you by? lol), though they can be hard to remember. Maybe one of my idea in this post will help some.

September 15th, 2015 | 9:12 PM
Purushottam Thakur:

Thank you! you are right, my name is big and hard to remember. Actually my full name is Purushottam Kumar Thakur. But you can call me Thakur or Uttam.
Purushottam Thakur recently posted…The Top 5 Android Security Application (2015-16). Which One You Want To Use?My Profile

September 16th, 2015 | 7:00 AM

My apologies for not having noticed that the email automatically showed one that I had discarded. I shall be more careful in future comments. I hope that this works from now on.
Rummuser recently posted…Monsoon Revives.My Profile

September 15th, 2015 | 8:52 AM

We’re good once again Rummuser! ๐Ÿ™‚

September 15th, 2015 | 9:11 PM

I hope that this works now. I have now changed the email address from the old one to the new one.
Rummuser recently posted…Monsoon Revives.My Profile

September 15th, 2015 | 8:54 AM

Great post Mitch! You are so right. After you have an email account hacked once, that is all it takes to wake a person up.
Matthew recently posted…Dry Skin What You Should KnowMy Profile

September 19th, 2015 | 12:24 AM

It certainly taught me a major lesson that’s for sure. lol

September 19th, 2015 | 2:11 AM

Me too. One of my email accounts got hacked a few years ago and they sent out an email to everyone in my address book. I had to immediately reset my password and then send out an apology email letting everyone know that it was not me that sent it. I wasn’t even using one like ‘1234567’ or ‘qwerty’.

I have been using very difficult passwords ever since.

September 19th, 2015 | 7:37 AM

Honestly I am not surprised about the idea diversity of most people. I try to constantly change my passwords every 2 – 3 months. But yeah, over the past years I have created basically a database for all my accounts.

I am exited about Keeper, never heard of it before.
Do you know whether there is a reminder for udpates on passwords, or if you can note it somewhere with the Login information, so that you can always see when you alst changed it?That would be great.

Sorry, for focussing to much on Keeper. I started tipping this comment, when I opened up your post for Keeper.

September 25th, 2015 | 5:25 AM

There’s no reminder on Keeper for that as far as I know. On that front you’d have to set an alarm elsewhere. As for passwords in general… I hate changing them, but I’ll do it every once in a while if my mind starts believing that it might be too easy for someone to crack.

September 25th, 2015 | 10:39 AM

Thanks Mitch. A reminder would have been wonderful. But anyways I will consider giving it a try.

October 1st, 2015 | 10:26 AM

My husband and I made the mistake of having the same password for all accounts. Someone hacked one thing and had access to everything. Now we have random passwords for everything. We haven’t had a problem sense.
tanya recently posted…5 best principles to keep you and your employees motivatedMy Profile

September 30th, 2015 | 4:22 PM

Glad you owned up to that Tanya. I understand that because back in the day I had the same username & password for every site I visited. Course, back then we didn’t have to worry about hackers or people coming up with software to crack sites we joined. I know a little better now; whew! ๐Ÿ™‚

October 1st, 2015 | 12:48 AM
Before you leave a reply; please see the comment policy if this is your first visit. This blog doesn't accept keyword names. I need a real first name or a legitimate nickname that you're known for. If your name has more than 3 words or the email address begins with "info" or "admin", the comment automatically goes to the spam filter; same if there are any links in the comment or if you don't have a gravatar. If your comment goes to spam for any of these reasons, or any other reason listed in this post, it may never show up on the blog (I do forgive the link issue if you've commented on the blog previously and I'll forgive the gravatar thing for first time visitors). If it goes there for any other reason (and I know some do), I'll pull it out as I don't intentionally moderate any comments on this blog.

One last thing; if your link is an affiliate link or goes back to a strange website or webpage I don't like, if I keep your comment I'll remove your link. That's why I have CommentLuv for blogs; if you have a legitimate business just leave that link & no sub-links. Trust me, it's best to read the comment policy if you don't get it, or never see your comments showing up here.

If you like this post, why not donate to the cause? :-)


CommentLuv badge