There are some major misconceptions among internet users around what makes a secure password; which can cause some major headaches should a heartless hacker get ahold of your email, website or other important login information.
In this article we will cover some common methods used to access password information illegally and how you can protect yourself in the event that you are targeted in such an attack.
To get started, xkcd has a brilliant cartoon covering password strength:
To summarize, most people use passwords that they find difficult to remember but look complicated to the naked eye but unfortunately not for computers to guess. Rather combine multiple simple word to create a longer, more secure password.
Brute Force Attacks:
This is an attack on a login screen or file that happens continuously using every character on a keyboard until a successful login or the file has been unlocked.
Hackers use a cloud/dedicated server to attack specific targets that are vulnerable to this form of assault. This would have to be any service that does not have a maximum number of attempts or lockout feature, allowing the device to attempt 1000’s of random combinations per second uninterrupted.
To see just how long it would take a basic server to do this you can click here and play with the cracking speed to see how safe your password would be from such an attack.
This resembles the brute force attack but rather than just trying random combinations of characters, it tries every word in the dictionary to see if the password is a known word.
This sort of attack only lasts a few minutes to run through and find a result, which is why we always recommend to our clients not to use simple passwords and if they must at least combine 2 or more random words together. With dictionary attacks it does not matter how long the word is, it is at risk.
WordPress Site Security:
By default a WordPress website comes without any lockout functionality, meaning that if you have a site like this you are open to dictionary and brute force attacks mentioned above and its just a matter of time before someone hacks your website and poisons your site with backlinks and redirects to other websites.
In the most extreme cases your site can be made completely unusable if you have not backed up your site or database. We recommend a plugin called Wordfence to give you advanced tools to protect your website and make it virtually impossible to get into.
This will mean ensuring all your plugins are always up to date, you remove your default admin user and set up the relevant lockout settings to block multiple unsuccessful attempts to your site.
This plugin boasts to block roughly 18 361 attacks per minute, with their website even showing 2% of all attacks happening in real time.
If you need any more information about how to protect your website or email, or if you are looking for a new hosting provider don’t hesitate to contact our support team on 087 470 000 or email [email protected]