A lot is written every day about Internet security: the hundred and one common reasons why websites are attacked, the theft of passwords for web services, FTP, mail, etc., and the many ways to avoid this with a little effort on the user’s part, since not all insecurities come from the Hosting service.
While tracing the important points to be addressed in this article, I discussed with Cesar Maeso (Websites Are Us sysadmin) what would be the best way to attract the attention of users who do not usually read this type of article, who coincidentally are the ones who most often incur insecurities and whose sites or web services are usually vulnerable. We thought of striking titles for this article, such as “10 ways to have your Hosting account hacked”, but since in the end our work should be educational and always support oriented, we understood that the best way to help is by informing.
The purpose of this article is therefore to show you the extent to which the passwords you use to access your Hosting Panel, your email accounts, your Client Area, your FTP accounts, and a long list of other services are usually insecure, with the result that the doors of your online services are left open to those who like to help themselves to what belongs to others. Do you want to solve this problem? …keep reading!
The keys to strong passwords
Every password, to be secure, must meet a series of requirements that we will consider below:
Length and Complexity
Long ago the recommendation was 8 alphanumeric characters, including at least some capital letters and special characters. Nowadays it has been demonstrated that passwords of this level of complexity can be broken with time and some tools.
Gone are passwords such as 123456 or qwerty, since it is evident that they are already part of thousands of existing dictionaries, whether for Cain or other more sophisticated tools.
It is clear that the longer the password, the harder it is to guess. And if it is also random, without any link to our name, surnames or significant dates, so much the better, because the main objective of a password is precisely that: to go unnoticed and not be guessable by association with its owner’s data.
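The checks described above can be sketched as follows. This is an added example, not code from the article or from any tool it mentions; the tiny word list, the 13-character minimum and the function names are assumptions made for the illustration.

```python
import math
import secrets
import string

# Constructed sample data: a tiny stand-in for a real cracking dictionary.
COMMON = {"123456", "qwerty", "password", "letmein"}
ALPHABET = string.ascii_letters + string.digits + string.punctuation  # 94 symbols


def generate(length=15):
    """Random password from the OS CSPRNG containing all four character classes."""
    classes = (string.ascii_lowercase, string.ascii_uppercase,
               string.digits, string.punctuation)
    while True:
        pw = "".join(secrets.choice(ALPHABET) for _ in range(length))
        # Rejecting candidates that miss a class costs well under one bit.
        if all(any(c in cls for c in pw) for cls in classes):
            return pw


def random_bits(length, alphabet_size=len(ALPHABET)):
    """Entropy in bits of a uniformly random password (not valid for chosen words)."""
    return length * math.log2(alphabet_size)


def audit(password, personal=(), min_length=13):
    """Return the reasons a password is weak; an empty list means it passes."""
    problems = []
    lowered = password.lower()
    if len(password) < min_length:
        problems.append("too short")
    if lowered in COMMON:
        problems.append("in dictionary")
    # Names, surnames and significant dates are among the first guesses tried.
    for item in personal:
        if len(item) >= 3 and item.lower() in lowered:
            problems.append(f"contains personal data: {item}")
    return problems


if __name__ == "__main__":
    print(f"8 random alphanumerics: {random_bits(8, 62):.0f} bits")
    print(f"15 random printable characters: {random_bits(15):.0f} bits")
    print(audit("qwerty"))
    print(audit("Maria1984!Secure#", personal=("Maria", "1984")))
    print(audit(generate()))
```

The entropy figure only applies to passwords produced by `generate()`; a human-chosen password of the same length is far weaker, which is why the dictionary and personal-data checks exist.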
There are online services that oblige users to change their password from time to time, so that they cannot keep using it for an extended period or repeat the same password over and over again.
This policy should apply to all our online services, especially if, as happens more and more, we mix personal online services with work services, where no line defines the limit between one and the other and where it is easy to end up contaminating work by not observing this premise on a personal level.
Make your password expire or have a limited lifetime. Why should you force yourself to change them regularly? Even though your passwords may be more secure at this point of awareness, it is still possible that they will be discovered: you may have been seen typing them, or they may have been captured using keyloggers.
Changing them with a certain frequency means that if any password of yours was exposed at some point, with or without your knowledge, the security of your services will no longer be affected once you have replaced it with a new password, different from the previous ones.
Store them safely
Yes! Passwords also need to be stored, often within tools protected by other passwords, so choosing the password store well is an important part of this whole process.
We have talked about tools such as CyberProtector, which in recent years have been demonstrating that it is possible to have a secure store in the cloud for the passwords to the most diverse services, websites, mail services, etc., so that it is more convenient and easier for us to remember a single password, that of the store, than the hundreds of passwords of each service that we use.
Now Websites Are Us has created CyberProtector that brings together the password manager, VPN and 2FA in the same tool.
Your browser is not the best and safest password store. That is something those who are fond of other people’s property know, and it will be one of the places they turn to in order to find access to banking, mail, web hosting services (Hostings), social networks and others, to check whether you were careless enough to store or remember the password in your usual browser.
One password per service
We know that it is difficult to remember a different password for each service that we use frequently, but that does not justify ending up using the same one for everything (online bank, websites, email accounts), because if the password is guessed or automatically discovered, all our services associated with that password will be exposed in the same way.
Do not share it insecurely
For any password to remain secure once it meets the main requirements for length and alphanumeric composition, it must be shared, if necessary, in a safe way.
It is not appropriate to generate very strong passwords, of 13 or 15 characters, with letters, numbers and special characters, and without direct association with us, and then share them by WhatsApp, email or by means of a note or Post-It, since that breaks the security principle that says “Do not expose confidential data through open or non-encrypted channels”.
There are ways to share passwords without breaking their confidentiality. One of them, for example, is CyberProtector, which offers a secure method, with AES 256-bit encryption with PBKDF2, that takes the password from its owner to the final recipient securely and, most importantly, through a secure channel.
One of the many advantages of this tool, CyberProtector, is that you can share passwords with third parties without them needing to know the password, because they can use it to access the desired service without having to view it or expose it in plain text.
There are many other tools, apart from LastPass, that allow you to share passwords in a secure way. Use them!
Other options to consider, which we do not cover here so as not to lengthen this article, are two-step authentication, the use of physical tokens such as Latch or others, and biometric access for services that provide it. But that’s a topic for future posts!
Always use strong passwords for any online service you use and change them frequently.
The security of your online services begins with you and passwords are the first firewall against unauthorized use of your sensitive data.
Member of the Websites Are Us technical team.
Coordinator of content on the Blog and YouTube.
Technical support in CyberProtector. Teacher at Websites Are Us Learning.