Creating and using strong passwords is an important part of your server/website security.
With Plesk 11, a strong password is required with your initial setup. These passwords are at least 8 characters long. Along with upper and lower-case characters, they require multiple occurrences of digits and special symbols. Such passwords provide strong protection from brute-force attacks.
Things to include
- At least eight characters.
- One or more of each of the following:
- lower-case letter
- upper-case letter
- punctuation mark
- Lookalike characters to protect against password glimpses. Examples:
- O as in Oscar and the number 0.
- Lower-case l and upper-case I.
- The letter S and the $ sign.
Things to avoid
- Words you can find in the dictionary.
- Passwords shown as "example strong passwords."
- Personal information, such as names and birth dates.
- Keyboard patterns, like qwerty or 12345. Particularly avoid sequences of numbers in order.
- Common acronyms.
- All one type of character - such as all numbers, all upper-case letters, all lower-case letters, etc.
- Repeating characters, such as mmmm3333.
- The same password you use for another application.
Memorable password tips
While passwords that are easy for you to remember are also less secure than a completely random password, following these tips can help you find the right balance between convenience for you and difficulty for hackers.
- Create a unique acronym for a sentence or phrase you like.
- Include phonetic replacements, such as 'Luv 2 Laf' for 'Love to Laugh.'
- Jumble together some pronounceable syllables, such as 'iv,mockRek9.'
Keep your password secret
- Never tell your password to anyone (this includes significant others, roommates, coworkers, etc.). If you need to grant someone access to your server, set up a separate username and password for that person.
- Never write your password down, especially not anywhere near your computer.
- Do not store your password in a plain text file on your computer.
- Never send your password over an unecrypted connection - including unencrypted email.
- Periodically test your current password.
- Update your password every six months.