Every day we are made aware of another major website getting hacked. The latest news revealed that companies like Sony, Chase, Forbes, Home Depot, Target and many other large companies with billions of dollars in yearly revenue have been hacked by individual hackers or large networks of hackers.
How are they hacked, you might ask? There are many ways a hacker can gain access to a website, from brute force attacks to social engineering. Over the next few articles, I will be touching on the various ways to protect yourself and your website.
Note: There is no way to have a website that is 100% safe from being hacked. Even the White House computers have been hacked. The goal is to make it extremely difficult for anyone to hack your site.
Usernames and passwords have been the main way to authenticate yourself with a website, whether it is your social media account, your bank account, or even your own website. The problem is that the average person prefers convenience over security.
- Do you reuse your usernames?
- Do you use the same password for all your accounts?
- Are your passwords less than 14 characters?
- Are your passwords only using Letters and Numbers?
The vast majority of people answer yes to at least 3 out of the 4 questions above. The truth is that most people answer yes to all four.
It is understandable. The average person has well over 7 online accounts to remember. Hackers know this and use basic techniques like rainbow table password crackers or dictionary attacks, which are basically lists of every variation of a word with numbers added. This is also called a brute force attack.
One solution is to block failed password attempts after a certain number of attempts. But there is a way around this. Hackers can use what's called a botnet, which is basically a large number of systems working together to complete a task. They may be scattered all around the world, so their IP addresses will all be different. They can attack your login page with attempts at cracking your username and password. If a botnet has 100,000 systems working on the task and your security protocols block an IP address after 5 failed attempts, then you're talking about 500,000 possible attempts. If your username and password are weak, then success might be likely.
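To make the arithmetic above concrete, here is an added example (not code from the article) that models a login endpoint with the article's "block an IP after 5 failures" rule and replays a constructed scenario of many distinct source addresses guessing at one account. It then switches on a second rule, a per-account lockout, to show why throttling only by IP address does not protect a single account. The per-account limit of 10, the username "admin" and the source labels are my assumptions.

```javascript
// Added example (not from the article): a toy model of the lockout rule the
// article describes, used to compare a per-IP lockout with a per-account one.
const PER_IP_LIMIT = 5;        // the article's rule: block an IP after 5 failures
const PER_ACCOUNT_LIMIT = 10;  // assumption: lock the account after 10 failures total

class LoginGuard {
  constructor(perAccountLockout) {
    this.perAccountLockout = perAccountLockout; // whether the per-account rule is on
    this.ipFailures = new Map();                // source address -> failed attempts
    this.accountFailures = new Map();           // username -> failed attempts
  }

  // One login attempt. Returns which rule stopped it, or "failed"/"success"
  // when the attempt actually reached password verification.
  attempt(ip, username, passwordCorrect) {
    if ((this.ipFailures.get(ip) ?? 0) >= PER_IP_LIMIT) return "blocked-ip";
    if (this.perAccountLockout &&
        (this.accountFailures.get(username) ?? 0) >= PER_ACCOUNT_LIMIT) {
      return "blocked-account";
    }
    if (passwordCorrect) return "success";
    this.ipFailures.set(ip, (this.ipFailures.get(ip) ?? 0) + 1);
    this.accountFailures.set(username, (this.accountFailures.get(username) ?? 0) + 1);
    return "failed";
  }
}

// Constructed scenario: `ipCount` distinct source addresses each send
// PER_IP_LIMIT wrong guesses at one account. Returns how many guesses were
// actually checked against the stored password, i.e. got past the throttle.
function guessesReachingVerification(ipCount, perAccountLockout) {
  const guard = new LoginGuard(perAccountLockout);
  let verified = 0;
  for (let i = 0; i < ipCount; i++) {
    const ip = `source-${i}`; // constructed label standing in for a distinct IP address
    for (let g = 0; g < PER_IP_LIMIT; g++) {
      if (guard.attempt(ip, "admin", false) === "failed") verified++;
    }
  }
  return verified;
}

// The article's figure: 100,000 addresses x 5 attempts each.
console.log("per-IP lockout only:", guessesReachingVerification(100000, false));   // 500000
console.log("plus per-account lockout:", guessesReachingVerification(100000, true)); // 10
```

With the per-IP rule alone every one of the 500,000 guesses is checked against the stored password; with the per-account rule the account stops accepting guesses after 10 failures no matter where they come from. The trade-off is that a per-account lockout lets an attacker lock a legitimate user out, which is why real deployments usually pair it with progressive delays or a second authentication factor rather than a hard block.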
Now look at these two passwords:
- Sports123 – This password is only 9 characters long and includes only letters and numbers, with one uppercase letter. A simple brute force attack by a botnet can crack this password in less than 1 second.
- wUsjDhUbcAHbv?WYGU37Hg}pikeqM[qLHKT4Hr$HB6T3dYQz8Z – Yes, that's a password. It's 50 characters long and uses a mix of letters, numbers and special characters. This password would take the world's most powerful supercomputer over 10,000 centuries to crack.
Obviously, remembering the first password is quite simple; remembering the second is virtually impossible, even for people with eidetic memories, AKA photographic memory. Now imagine having a different password for each of your online accounts, each equally strong.
To handle this task I recommend using a password manager. They are simple to use, often free, and provide you with one of the best tools to protect your website or online accounts.
- Dashlane – Comes with both a free and a premium version. Sign up here using my referral code and you can save if you decide to upgrade from the free version to premium: https://www.dashlane.com/en/cs/3bbe309e
- 1Password – Free trial and a highly robust platform: https://agilebits.com/onepassword
- LastPass – Another popular password manager: https://lastpass.com
There are many more password managers, and most are extremely user friendly. Using one will help you manage multiple accounts with one-click login, and if you go premium with these services, you can even sync them between your devices.
How do they work?
The basic way they work is this: you install the program on your computer and create one master password, which is often the only password you need to remember (make this password strong enough and change it often). Then you start adding your various accounts by copying the URL of each login screen into the proper field of the password manager, placing your username in the username field and your password in the password field.
Note: Update your passwords with new ones that are extremely strong. The providers mentioned above offer password generators.
Now you are set up; you have one-click login for your accounts and peace of mind that you are making it harder for anyone to get into your accounts with your username and password.
How secure are the password managers?
Great question. The ones mentioned above use AES-256, an encryption algorithm that is considered unbreakable. The password managers are far more secure than the simple passwords used by most people.
Don't leave yourself open to getting hacked. As mentioned earlier, there is no way to guarantee that you won't be hacked, but you can at least make it extremely difficult for anyone to access your information. Remember, most hackers go after the low-hanging fruit.