Website and Email Security

Oh my lord...passwords!

This is a constant struggle for server/cloud service providers and their users. Providers want you to have a million 30 character passwords all different and users want to use "password123" for everything. Both parties have valid points, but I have to say, I don't think users understand that every website, email account, server or cloud server is under constant attack from every angle. There truely is a war going on for access to systems and users seem to be completely unaware in most cases.

So whats really going on?

If we use Cloud.Mebsites.com for example and bear in mind we are a tiny player in the market. Every day we will get 5-40 central system hack attempts, 7,000-100,000 Spam/phishing attacks, 5-10 hosting account brute force attempts, one or two DDOS attempts a week. This is nothing compared with places like Godaddy and Namecheap this wouldn't even register on their hourly reports. One email account breach can mean 10,000 or more emails being spammed through that account, potentially blacklisting the whole servers domain and IP address.

Every day there is a cycle of spam, hacking, phishing and hacking on every website, email and every service. The hackers use brute force methods to gain access to your site. And guess what? that "easy to remember" password is right where they start first. Why? because they aren't nice people and they are there to exploit and steal your details and our services for their profit, just like theives in the real world.

Every year a list of the most common passwords is published, here are the top 25 for 2014 and another one of 10,000. Humans are interesting creatures and while we feel unique, especially these days, there are some constants and one of those is a propensity to take the easy route and using the same langauge that has clear easy things to remember and big hard complicated things. It doesn't take a genius to realise after you look at the password lists we are screwed.

Lets do the sums

Lets say you have comon password number twenty one. How long will it take to get hacked? Twenty one attempts. Most services will lock you out after 3-5 attempts so lets say the hacker does 3-5 attempts in a cycle every day. So in 4-7 days your password has been breached and someone else owns your account!

We are all guilty of using weak passwords

Some clever people use poor passwords for things we don't care about and leave the hard ones for our precious stuff like ebay and our bank accounts. Because that's clever right? "I don't care about those other accounts if they get hacked"

It's not ok, if someone really wants to hack into your stuff, that is the first place they start. They'll attack the weak points first in order gather information and work their way to a pot of gold. So what Kind of information will they look for? Anything! eBay alerts, other accounts, personal details and confirmations. They'll use that information when hacking other accounts, looking for even more information, anything to move them further to their goal. Next minute, your credit card has been fraudulantly used to buy a round the world air fare!

I can't remember the passwords

You don't have to. There are password storing apps and services with a 10,000 times better security than your home computer or your 'password123'. Using one of these services is one of the best ways to keep the baddies out of your life. Even having a note book with them all writen down is better than using one of the top 100 most common passwords.

Author image
Senior Developer at Mebsites on the Gold Coast, Queensland, Australia. Mebsites is an acclaimed Magento and Custom Framework Web Software coding house.
Gold Coast, Queensland, Australia Website