Over at the WordFence blog, Mark Maunder explains why it’s important to enforce strong passwords on your website: f someone hacks your site and downloads the user database table they can crack your encrypted passwords at their leisure  We can fix that and here’s why that matters!

“Why do I care, my site has already been compromised?” you might say. The issue is that many users have the bad habit of using the same password across multiple websites and that’s why the hacker grabbed your password file and is throwing significant resources at brute-forcing it: So that they can gain access to the real treasure-trove of Gmail accounts, LinkedIn, Facebook, Hotmail, Quicken, Paypal, eBay and all the other valuable accounts out there that let them steal real money from real people who are members of your website.

This is why, even if you have brute force protection on your site, you should enforce strong passwords: To protect your customers other accounts on the Web in the worst-case-scenario of your site being compromised and your wp_users table being downloaded.

Meanwhile you might be saying “What other users?  It’s just me here!”  Ok, so they only have to crack one password then — yours!  And if you use the same password elsewhere, or if you use an easily-recognized password pattern (e.g. hi-mom-gmail, hi-mom-twitter) then they’ll still be able to get into your other accounts.

When RealBasics builds your website we make sure your user’s password are easy to remember but hard to crack.  And if you sign up for our maintenance plan one of the adjustments we can make is to make your passwords more secure.