Joomla uses usernames and passwords. It is crucial that you choose a strong username and a strong password to protect your Joomla website when creating a user account on your site.
Any Joomla web site that employs usernames and passwords must be administered with dedicated attention to ensuring that good security practices are followed by all users. If you as site administrator or your users are careless about how they choose usernames and passwords or store credentials, then a "hacker" or a "botnet" may find it relatively easy to break your site's security.
You should develop methods and provide information to the (potential) users of your site for the selection of usernames and passwords, so that registration results in strong and unguessable username/password combinations which are difficult to break.
Would you believe that the most used password in the world (and on Facebook) is actually (YES!) 'password', followed by '123456', '12345678', 'abc123' and 'qwerty'? (Source: Splashdata)
Hilarious, isn't it? Uhhhh... Are you actually still using the Super Admin name 'admin' or 'admin123'? Ouch... You know that most bots search for a Joomla site where the super admin name starts with something like 'admin' and, when they find one, bombard the administrator login with hundreds of thousands of passwords? Result in 99% of the cases: hacked!
So it is essential that you create a good username.
Rule 1 – Password Length: Stick with passwords that are at least 15 characters in length. The more characters the better, since longer passwords are more difficult to crack. (For instance, 20 characters is the maximum in cPanel, by the way.)
Rule 2 – Password Complexity: Use a combination of
A good password generator will help you create a good password. However, a generated password is probably difficult to remember, so another way of creating a password that you will easily remember is to take a familiar sentence and translate it into your very own password. Here is an example using my text phrase:
"I am married and have two daughters of fourteen and twenty one years old".
Now I keep only the first letter of each word, scratch the rest, and I have a possible password: "Iamahtdofatoyo".
This needs a little tweak to make it super strong while I am still able to remember it. Changing some of the characters to capitals, numbers and symbols gives: 'iaM+h2do4t&t1yo'.
Now THAT is super strong and even I can remember that!
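The rules above can also be enforced when a user registers. The following is an added example, not Joomla core code and not from the original article: checkCredentials() is a hypothetical helper, the four character classes are an assumption about what Rule 2 combines, and it expects PHP 7.1+ with the mbstring extension.

```php
<?php
// Most-used passwords named in the article, and the Rule 1 minimum length.
const COMMON_PASSWORDS = ['password', '123456', '12345678', 'abc123', 'qwerty'];
const MIN_LENGTH = 15;

// Assumption: Rule 2 means mixing these four character classes.
const CHAR_CLASSES = [
    'a lowercase letter'  => '/\p{Ll}/u',
    'an uppercase letter' => '/\p{Lu}/u',
    'a number'            => '/\p{Nd}/u',
    'a symbol'            => '/[^\p{L}\p{Nd}\s]/u',
];

// Hypothetical helper: returns a list of problems, empty when acceptable.
function checkCredentials(string $username, string $password): array
{
    $problems = [];
    $user = mb_strtolower(trim($username), 'UTF-8');
    $pass = mb_strtolower($password, 'UTF-8');

    // Bots look for super admin names that start with "admin".
    if ($user === '' || strpos($user, 'admin') === 0) {
        $problems[] = 'username is empty or starts with "admin"';
    }
    if (mb_strlen($password, 'UTF-8') < MIN_LENGTH) {
        $problems[] = 'password is shorter than ' . MIN_LENGTH . ' characters';
    }
    // Padding a common password ("Password2024!...") does not make it strong.
    foreach (COMMON_PASSWORDS as $common) {
        if (strpos($pass, $common) !== false) {
            $problems[] = "password contains the common password '$common'";
            break;
        }
    }
    if ($user !== '' && strpos($pass, $user) !== false) {
        $problems[] = 'password contains the username';
    }
    foreach (CHAR_CLASSES as $label => $pattern) {
        if (!preg_match($pattern, $password)) {
            $problems[] = "password lacks $label";
        }
    }
    return $problems;
}

// Constructed sample registrations; the last password is the article's example.
$samples = [['admin123', 'qwerty'], ['marta.k', 'marta.k-Password2024!'], ['marta.k', 'iaM+h2do4t&t1yo']];
foreach ($samples as [$u, $p]) {
    $problems = checkCredentials($u, $p);
    echo $u, ': ', $problems ? implode('; ', $problems) : 'OK', PHP_EOL;
}
```

The second sample is long enough and mixes all four classes, yet it is still rejected because it is built from a common password and the username.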
Now that we have strong usernames and strong passwords, it is time to look at how to practice good password security in daily life: