A typical password consists of a root plus an appendage. The root isn’t necessarily a dictionary word, but it’s usually something pronounceable. An appendage is either a suffix (90% of the time) or a prefix (10% of the time). One cracking program I saw started with a dictionary of about 1,000 common passwords, things like “letmein,” “temp,” “123456,” and so on. Then it tested them each with about 100 common suffix appendages: “1,” “4u,” “69,” “abc,” “!,” and so on. It recovered about a quarter of all passwords with just these 100,000 combinations.

This is a great article from Bruce Schneier on how to choose a secure password. All of our websites are under constant attack from all round the world with “hackers” trying to guess the password on your WordPress site using automated programs freely available on the net. While Lemonberry take great care to monitor, deter and block these attacks, the single most important thing to protect your site is to have a strong password…

I’m updating this post to include a great article from Bill Hess from Pixel Privacy who goes into great detail about our password habits and why we should be using unique passwords every time. Read down to the part about compromised emails:

Put your email address into the Have I Been Pwned? website and see if your account has been compromised in any of the numerous data breaches reported over the last few years.

I tried each of my numerous email addresses one by one and found I was more surprised when an email address proved NOT to have been affected by a breach, rather than having been affected by one.