10 Worst Password Mistakes We've Ever Seen


If you’ve watched Wordfence Live recently, you’ve heard about some of the worst hacks we’ve ever seen and some of the worst WordPress security mistakes. Many of those incidents could have been prevented with better credential hygiene. Next on Wordfence Live, we’re going to dive deeper into an important part of not just your WordPress site’s security, but overall online security, too. This is going to be a great session, and it will have guidance for even the least technical people in your life.

You know that friend of yours on Facebook who always gets that RayBan spam hack? Well, we’re going to help you help them! Let’s look at ways to help keep us all safer through better credentials and better password management. And what better way to learn than through stories of what went wrong?

Here are timestamps in case you’d like to jump around:
0:00 Introduction
7:43 What is a password?
9:48 Common attack methods that compromise passwords
10:10 Credential stuffing
12:07 Brute force and dictionary attacks
13:57 Shoulder surfing
15:07 Social engineering
18:02 Phishing
20:15 Wireless sniffing
22:17 Man in the middle attacks
24:30 Mistake #10: Not using a password manager
29:57 Mistake #9: Sharing passwords
34:39 Mistake #8: Not being aware of your surroundings
37:17 Mistake #7: Not monitoring and auditing passwords
41:32 Mistake #6: Using passwords that are not complex
46:19 Mistake #5: Using personal information in passwords
49:45 Mistake #4: Not removing ex-employee and/or developer and/or support user credentials
53:00 Mistake #3: Using passwords that are too short
57:27 Mistake #2: Not using multi-factor authentication
1:01:45 Mistake #1: Reusing passwords

How Malicious Attackers are Stealing Passwords

Wordfence Login Security is a free component of the Wordfence plugin that allows you to strengthen protection of your WordPress login. Wordfence Login Security contains:
– A completely rebuilt two-factor authentication feature, now available in the free version of Wordfence
– Login page CAPTCHA
– Improved XML-RPC protection

Details on how to get started with Wordfence Login Security are linked below. These tools will help you secure logins on your WordPress installation with multi-factor authentication.

Have you tried Wordfence Central? Manage all of your site’s security in one easy-to-use interface.

Now, with Wordfence Central Teams! You can use Wordfence Central with your Premium AND Wordfence free sites, all for free.
Check out Fast or Slow, the only free website speed profiler that tests your site from 18 locations worldwide.
Sign up for the Wordfence WordPress Security mailing list. Be the first to know when there is a vulnerability in a plugin or theme you might be using.
The Wordfence Learning Center has all you need to brush up on WordPress security and more:
Wordfence is the most popular choice of WordPress professionals for WordPress security. We have a number of security tutorials on our YouTube channel, including Wordfence tutorials. The Wordfence security plugin is the number one choice in WordPress security plugins.


