The Importance of Strong Passwords in 2020 & New Plesk Password Policy

According to an annual report by the Identity Theft Resource Center, there were 500 million stolen personal records in 2018. However this is nothing when we compare to 2019 – the highest number of data breaches in history. There were a total of 5,183 breaches, exposing 7.9 billion records, and making it by far the worst year for data security on record. This is why there is a need to talk more about the importance of strong passwords as we go into 2020. As well as our new Plesk password policy which is planned to come into effect this year.

With such frequent threats that have already affected billions of internet users, it’s clear the way we look after personal information online needs to improve. One major area of concern are passwords. Instead of helping users protect their information, all too often passwords are putting user privacy at danger. We want Plesk to take the lead in data privacy and security.

Therefore, we have a new Default Password Strength Policy, which is planned to set all passwords to “Strong” as of February 18, 2020. Read on for a better explanation of this new Plesk password policy and how it affects you as a user. But first, let’s sum up why having strong passwords is essential to keep your online data safe today.

Hacking Techniques Are Increasingly Sophisticated

Password policy vs Hacking Techniques

The reason for the massive increase in the number of data breaches in the last two years is two-fold. Firstly, there’s been a surge in the amount of sensitive information stored by companies. And secondly – the hacking techniques of 2020 are highly-sophisticated – even more than the previous years.

To combat this advancement in hacking techniques, we need to band together in order to increase the security of the servers that hold such sensitive and sought-after data. Professional “white hat” hacker Marc Rogers says you can start by simply keeping a close eye on what data you hold. By making sure their data has password protection, companies can greatly reduce the number and risk of breaches.

One of the best ways to create and manage your passwords is to use a password manager. This way you don’t have to remember your passwords. Plus, you don’t end up using the same one or similar patterns for every account you have. Instead, you get to store them all securely in an encrypted format and retrieve them when necessary.

More Personal Data Online Than Ever Before

Password Policies

Many companies today offer their services for free in exchange for your personal data. This has led to a massive influx of personal information being available and stored online in the cloud. Try typing your email address into Have I been Pwned (run by a Microsoft Regional Director and web security expert). You can find out how many times such personal identifiable information (PII) has been breached.

The answer may surprise you – or then again, it may not. Major sites and social networks like Adobe, LinkedIn, Canva, Facebook, and Houzz have all been victim to major data breaches in recent years. Exposing the information of hundreds of millions of accounts.

These are risks to your data, policies, technology, and trust between you and your users. Safeguard this and you have the key to avoiding losses and building loyal relationships.

Why Are People Still Using Weak Passwords?

Password Policy and Weak Passwords

When data is in the hands of companies, it’s their responsibility to look after it. But this is no excuse to create weak passwords, which millions of people still do. Is your password generic like “password123”, “qwerty”, “123456”. Or is it the name of your favorite animal, band, superhero or Partner? Know that these are among the most common passwords worldwide.

Passwords that are based on dictionary words with proper capitalization are not effective against brute force attacks. In our new password policy, passwords marked ‘Very Weak’, ‘Weak’, and ‘Medium’ password strength can endure a brute-force attack within seven minutes.

As in our new policy, strong passwords are those that are at least eight characters long, include at least one occurrence of upper and lower-case characters, digits, and special characters. For example: “D@tAs3cUr1TyR0ckZ”.

Whether for a social media account or our financial accounts, such hard-to-guess passwords provide strong protection from brute-force attacks.

The New Plesk Password Policy

New Plesk Password Policy

The previous default password strength for new Plesk Obsidian installations was “Very Weak”. Such passwords in Plesk satisfy only the minimum required strength and could suffer s brute-force attack in zero to seven minutes.

As of December 17, 2019, the new Plesk Default Password Strength Policy became “Strong”. This new stronger Plesk Password Policy sets the requirements that Plesk passwords must meet when they are created or updated.

The ‘Strong’ password strength policy will apply to all new Plesk Obsidian installations by default. You can see and change the default password strength policy in Tools & Setting > Security Policy (under “Security”) > the “Password strength“ section.

This ensures that your passwords are at least eight characters long. And that they have at least one occurrence of upper and lower-case characters, digits, and special characters. For more info on this new policy, check out this article in our support center.

For the password security standards of 2020, check out this article. 

Have you suffered a security breach in the past? What do you think about our new password policy? Tell us in the comments.


  1. Passwords are dead. Plesk should offer FIDO2

  2. Password length is more important than password complexity. A strong password should be wayyyyy longer than just 8 characters long.

Add a Comment

Your email address will not be published. Required fields are marked *


  • Yes, please, I agree to receiving my personal Plesk Newsletter! WebPros International GmbH and other WebPros group companies may store and process the data I provide for the purpose of delivering the newsletter according to the WebPros Privacy Policy. In order to tailor its offerings to me, Plesk may further use additional information like usage and behavior data (Profiling). I can unsubscribe from the newsletter at any time by sending an email to [email protected] or use the unsubscribe link in any of the newsletters.

  • Hidden
  • Hidden
  • Hidden
  • Hidden
  • Hidden
  • Hidden

Related Posts

Knowledge Base

Plesk uses LiveChat system (3rd party).

By proceeding below, I hereby agree to use LiveChat as an external third party technology. This may involve a transfer of my personal data (e.g. IP Address) to third parties in- or outside of Europe. For more information, please see our Privacy Policy.