Strong passwords help secure your site and your reputation

Some things are so important they bear keeping in mind. This evergreen post was initially published in 2012 and has been updated to make it current.

Without strong passwords, your site is open to thieves

We want to speak to you about the importance of using strong passwords.

In recent days, we have recorded thousands of separate attempts to access WordPress accounts on our servers. Undoubtedly there could have been more, as our security software is configured to send us reports when a user has been locked out after entering the wrong password multiple times. This is not a deliberate attack on our servers. Attacks like this go on constantly, day in and day out, on every web server on the internet.

Resistance is futile without strong passwords

These attacks are carried out by networks of compromised computers known as botnets. An individual computer can be infected in various ways and become part of a network which is then used, without the knowledge of the owner, in endeavors such as denial of service attacks and password guessing schemes. There are literally thousands, in some cases hundreds of thousands, of computers involved in a single network.

Our security software allows multiple retries before imposing a lockout or total ban on your IP address.

These attacks are not very sophisticated. They do not have to be, as there is zero cost to the attacker who is using someone else’s computer for the attack. These attacks often succeed because the average person does not use a strong password. The statistics on most cracked passwords from 10,000 Top Passwords make it obvious why these attacks work:

  • 4.7% of users have the password password
  • 8.5% have the passwords password or 123456
  • 9.8% have the passwords password, 123456 or 12345678
  • 14% have a password from the top 10 passwords
  • 40% have a password from the top 100 passwords
  • 79% have a password from the top 500 passwords
  • 91% have a password from the top 1000 passwords

Check to be sure your password is not on a list of the worst passwords.

Securing your site

Your minimum goal is to make sure you are not part of the 91% using the top 1000 passwords. It is not as difficult as you may think. You can have a reasonably strong password that is not impossible to remember.

Simple / common passwords are always tried first. Cute or unusual spellings are no replacement for a good password. While you may think that unusual spelling or replacing letters with similar numbers, e.g. secure spelled s3cur3, will make it hard to guess, someone else has already come up with it many times before and it is in the common passwords list. Simple, short, one-word passwords just are not good enough. In this case, size matters.

Use either a totally random string of characters, such as FT3GvOUZn4WOZ077hL5B (make up your own, do NOT use this one) from my password generator, which requires a password manager to remember (which is what we do), or use at least two random words and at least one random number. Go ahead, write it down (but don’t reuse it anywhere else). You are not defending against someone who is breaking into your office to search your desk; you are defending against automated attack by a botnet.

A great resource for generating random words is unique-names.com. Just open the page and pick two or three words from the list. Stick in one or two random two- or three-digit numbers between and/or after the words, and you have a password with extremely low odds of being on the list of guessed passwords. The words themselves are almost guaranteed to be on the list, so DO NOT use only one word. It is the particular combination of words and numbers which is strong. If you’d like to use a truly random number, random.org has a true random number generator on their front page. Just enter a minimum and maximum, say 100 and 999, click Generate, and use the three-digit random number you’ve just generated. Write your password down or enter it into your favorite password manager.
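The word-and-number scheme described above, together with a check showing why look-alike spellings such as s3cur3 do not help, as an added example that is not part of the original post. The word list and common-password list are small constructed samples (a real word list would have thousands of entries), and the function names are illustrative.

```python
import math
import secrets

# Constructed samples: real use would load thousands of words and a
# published common-password list from files.
WORDS = ["harbor", "lantern", "pickle", "tundra", "velvet", "cobalt", "meadow", "quartz"]
COMMON = {"password", "123456", "12345678", "secure", "letmein", "qwerty"}

# Map look-alike characters back to letters, so s3cur3 becomes secure.
LEET = str.maketrans("013457@$", "oieastas")

def is_common(candidate, common=COMMON):
    """True if the candidate or its de-substituted form is on the list."""
    lowered = candidate.lower()
    return lowered in common or lowered.translate(LEET) in common

def generate(words=WORDS, n_words=2):
    """n_words random words, each followed by a number from 100 to 999."""
    while True:
        parts = []
        for _ in range(n_words):
            # secrets draws from the operating system's secure random source
            parts.append(secrets.choice(words).capitalize())
            parts.append(str(secrets.randbelow(900) + 100))
        password = "".join(parts)
        if not is_common(password):  # reject the rare unlucky draw
            return password

def entropy_bits(list_size, n_words=2):
    """Bits of guessing work when the attacker knows the scheme and list."""
    return n_words * (math.log2(list_size) + math.log2(900))

if __name__ == "__main__":
    for guess in ("s3cur3", "P@ssw0rd", generate()):
        print(guess, "-> common" if is_common(guess) else "-> not on list")
    print(f"8-word sample list: {entropy_bits(len(WORDS)):.1f} bits")
    print(f"2048-word list:     {entropy_bits(2048):.1f} bits")
```

The entropy figure assumes the attacker knows both the scheme and the word list, which is why the size of the list and the number of words matter more than clever spelling.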

Manage your passwords

Should you wish to start using a password management system, there are several good ones reviewed at InfoWorld, both free and commercial. We prefer KeePass, but read the review and see which one works for you.

Changing your password in WordPress is easy. There’s a video at WordPress.tv showing how to do this. While this video was generated a number of years ago for WordPress.com, the basic functionality still applies and works for both WordPress.com and self-hosted WordPress.

One of the most important things to remember when using a password manager is that there is now a single password which grants access to all the others. It is imperative you use a very good password to access the password manager’s database. We recommend trying several words arranged into a memorable nonsense phrase (those random word lists at unique-names.com are handy for this). Again, size matters.

You may think, why should I worry about someone guessing my password, there’s nothing valuable on my website. What happens to your brand’s reputation if malware is installed on your site and all your visitors are infected? And what happens when Google marks your site as infected and posts that in conjunction with your URL? If your site spews malware, you’ll see all the hard-earned SEO efforts you’ve dedicated yourself to crumble.

Don’t share your login with others. If you must share with someone, so they can perform maintenance or install software or perform some action you have authorized, change your password after the task is completed.

Last, but extremely important, never, never, ever, reuse passwords. Once a password is guessed, the attackers will attempt to identify other accounts you own and try the password on all of them, like your online banking accounts. What about your domain registration? What would it cost your business, in money and reputation, if someone logged into your account at your domain registrar, and stole your domain? What if they then linked it to a pornography site?

Adding 2 Factor Authentication to your site

Adding two factor authentication (2FA) to your site is one way to add another layer of security. It uses something you know (like your password) with something you have (your phone, for example, which can generate or receive other login information).

WordPress writes:

Logging in with a password is single-step authentication. It relies only on something you know. Two-step authentication, by definition, is a system where you use two of the three possible factors to prove your identity, instead of just one. In practice, however, current two-step implementations still rely on a password you know, but use your Phone or another device to authenticate with something you have.

WordPress Beginner offers a tutorial on adding Google Authenticator as a 2 factor authenticator service. Plugins for 2FA can be installed as well. Here’s one from techjourney.com about how to use Authy for 2FA on your site.

Make sure you have a strong password, and consider adding 2FA

We figure a word to the wise is sufficient. Create strong passwords. Don’t share them. And never reuse them. Your business and reputation depend on it.

 

Public relations tactics that work

This evergreen post was first published on our blog in 2009. We’ve updated it and republished it.

Everybody loves to win!

When we were children, we may have avidly collected cereal box tops or points in order to enter a contest. We also may have colored a picture to send to the local weather broadcast hoping to be selected the “Weather Picture of the Week.” These days with ubiquitous cell phone cameras, many of us submit photos to our local news outlets for their weekly or daily Picture of the Day/Week. We buy lottery tickets and enter contests believing that our luck is great and we will win. We enjoy competing and being singled out as special. 

Each one of us believes that we have a specialness about some aspect of our lives. An entire generation of children have been raised believing that they are special. Psychologists call this Pseudo-exceptionalism. Jeremy E Sherman Ph.D., MPP writes in his post on Psychology Today, “Pseudo-exceptionalism — the unearned conviction that we are exceptional, superior to others because we were born…us.” 

When it comes to public relations for your company, you can use these traits of human nature to your advantage.

People love contests. We are competitive by nature and want to demonstrate our prowess. Look at the success of America’s Got Talent, American Idol and other competitive reality television shows. We get a vicarious thrill rooting for those we favor. Businesses love contests because through contests they are able to increase brand awareness, build their email marketing lists, gain new social media followers, and move the needle of those visiting the brand’s website. Contests can be synchronized to fit holiday schedules and seasonal business goals. They can help you boost sales. 

Contests are one of the oldest ways to bring attention to a company. They work well when piggybacked on current news or cultural trends making the news. As an example, Mother’s Day and Father’s Day contests and sweepstakes giveaways are very popular.

We also like to share our opinions with others. Whether we use social media comments, consumer surveys or Google Reviews, we crowdsource referrals for auto repair, haircuts, new doctors and lawn care.

As noted on Marketing Charts, and from Kantar Media’s report Dimension 2019, “Just one-third (33%) of consumers who rely on advertising for brand information say they trust its messaging, making it the least credible source of information among the options given.” Most of us rely on friends and family for recommendations. However, we also rely on review sites. “Some 44% of the respondents across 5 markets use reviews for brand information, with 7 in 10 of these trusting the information they find.”

What Brand Information Sources Do People Trust the Most?

Businesses regularly use Google Reviews to spotlight their superiority and Google uses them to help show us companies which are more successful than others. Here’s an example of how one company calls for their social media followers to rate their company on Google.

Survey says!

Conducting surveys so that your company can announce the results and spotlight your firm’s knowledge of what customers think is a sound tactic. You make the news — especially if your survey is timed to fit the news cycle. BrandSpark, a company that issues brand trust awards, regularly surveys consumers to learn which brands are most trusted. In doing so, they make the news.

As another example, YouGov and ACI Worldwide surveyed consumers to learn they are “concerned about the security of their financial data when they pay at gas pumps and convenience stores.” ACI Worldwide states that they “deliver electronic banking and payment solutions for more than 5000 financial institutions, merchants, billers and processors around the world.” By conducting this survey ACI signals to merchants their awareness of consumer issues, thus increasing the opportunity for trust from those needing payment and electronic banking services.

Surveys do not need to be national. They can be local. So can contests. Have you used contests, giveaways, surveys or research to help position and market your firm? Tell us about how you used them.

Remember, the most successful marketing tactics and strategies build on human nature and on current trends and seasonality.

Is your press release like a message in a bottle?

This evergreen post was published on our blog in 2009. We have updated it for today.

When to use press releases

Is a press release any good anymore?

Depends.

If you are pitching a national story with strong news interest and relevance, you can use a release to make sure select outlets and journalists you interact with have all the information they need. However, if you are just using it like a message in a bottle, casting it out on the water just to see who answers; not so much.

Press releases have evolved

The use of press releases has evolved. Releases are a great tool for reaching prospective customers if you publish them to your own website. Self-publishing them to your blog or newsroom first is critical. Avoid putting them on multiple free press release sites as these move traffic away from your own site and this tactic has sailed like a ghost ship over the horizon. Google even may mark your website as spam if you post press releases to non-relevant sites. The reality is that releases can help you deepen content on your website and are great when optimized well to bring interested customers to your site.

The days of mass blasting of a news release are gone. Or they should be. If your public relations consultant says this is what you should do, run! What is imperative is a carefully crafted pitch to bloggers, social media followers and interested journalists with whom you’ve developed relationships. Get to know journalists in your field first. With bloggers, seek permission to send a release or know that they are open to receiving your release before you send it. And for all outlets and journalists, make sure to deliver your press release in the manner that they request. Some reporters and editors no longer wish to receive press releases via e-mail and have returned to the days of snail mail.

Relationships come first

Don’t wait to get to know bloggers and journalists; develop your relationship with them over the course of time. Follow them on social media. Read and follow their writing, interact with them on social media and comment on their work. Create value and become a known source and then when you have a story to pitch or news to share, they frequently are much more open to receiving it.

If you need help attracting attention for newsworthy stories from your business, give us a call. We’d love to provide our counsel to your business.