Improve your Security

This page looks at passwords, first by examining a recent attack on this website and then by considering the importance of strong passwords. This discussion is important for all webmasters of sites on the u3anet.org.au hosting network.

The image below displays a message that recently came from the Wordfence Security plugin and is evidence of an attack on our State website. It shows that after 20 unsuccessful attempts the attacker was locked out from the login page of our website for 4 hours.

A number of hours later a similar report was received. What was going on? This attacker was likely using an automatic ‘system’ that generated a sequence of likely user-names and possible passwords to get access to our website, with a view to harvesting useful information for nefarious reasons. Their method relies on the idea that many tries may lead to a reward, the reward being access to the private section of a website, in this case the administration area of our website.

In this instance the passwords were strong enough to hold off the attack. Action has now been taken to block this attacker’s IP address.
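The lockout behaviour described above, sketched as an added example (this is not Wordfence's own code): it replays constructed login events against the page's figures of 20 failed attempts and a 4-hour lockout. The 4-hour counting window, the 3-second guessing rate and the IP addresses are assumptions made for the illustration.

```python
from datetime import datetime, timedelta

MAX_FAILURES = 20             # from the page: locked out after 20 failed attempts
LOCKOUT = timedelta(hours=4)  # from the page: the lockout lasted 4 hours
WINDOW = timedelta(hours=4)   # assumption: period over which failures are counted


def replay(events):
    """Replay (time, ip, success) login events in time order.

    Returns (lockouts, checked): the (time, ip) of each lockout, and how many
    attempts per IP actually reached the password check.
    """
    failures, locked_until, lockouts, checked = {}, {}, [], {}
    for ts, ip, success in sorted(events):
        if ts < locked_until.get(ip, datetime.min):
            continue  # locked out: rejected before any password is tested
        checked[ip] = checked.get(ip, 0) + 1
        if success:
            failures.pop(ip, None)  # a good login clears the failure history
            continue
        recent = [t for t in failures.get(ip, []) if ts - t < WINDOW] + [ts]
        failures[ip] = recent
        if len(recent) >= MAX_FAILURES:
            locked_until[ip] = ts + LOCKOUT
            failures[ip] = []
            lockouts.append((ts, ip))
    return lockouts, checked


def sample_events():
    """Constructed events: a bot guessing every 3 seconds, plus one real editor."""
    t0 = datetime(2019, 11, 1, 2, 0, 0)
    bot, editor = "203.0.113.7", "198.51.100.20"  # documentation-only addresses
    events = []
    for burst_start in (t0, t0 + timedelta(hours=5)):  # bot returns 5 hours later
        events += [(burst_start + timedelta(seconds=3 * i), bot, False)
                   for i in range(500)]
    # The editor mistypes twice, then logs in correctly.
    events += [(t0 + timedelta(minutes=10), editor, False),
               (t0 + timedelta(minutes=11), editor, False),
               (t0 + timedelta(minutes=12), editor, True)]
    return events


if __name__ == "__main__":
    lockouts, checked = replay(sample_events())
    for when, ip in lockouts:
        print(f"{when:%H:%M:%S} locked out {ip} until {when + LOCKOUT:%H:%M:%S}")
    print("attempts that reached the password check:", checked)
```

On this sample the bot is locked out twice, once per burst, which matches receiving a second report some hours after the first. Only 40 of its 1,000 guesses are ever tested against a password, and the editor who mistyped twice is never locked out.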

[Image: threat1, the Wordfence Security lockout message]

Their goal and intent is to find some content that may hold a ‘bounty’ such as bank account details, credit card details or other personal information.

U3A websites have a fairly low risk because we aren’t using our sites for commercial transactions. Personal details and phone numbers can provide the seeds for Google or Facebook searches that may reveal more about a person, in turn leading to a phone call such as “I was in contact with Jenny X, she has such a lovely garden, and she suggested that I get in touch with you about donating to ….” The method is to use some seemingly credible words to try to access bank details etc.

“In any system, humans will find a way to subvert the rules for their own gain. It’s a recurring theme: from skipping class, cheating in games, fixing the banking system, and exploiting welfare, down to stealing from work, and gambling in Las Vegas. So it shouldn’t be a surprise that most humans choose the lazy option when it comes to password security.”  Australian Personal Computer November 2019

How can we manage such nuisances?

There are two key strategies, and both should be used:

  • REDUCTION – place minimal personal information on the website,
  • PREVENTION – the use of a strong password (and perhaps more) to make a website more resistant to some of these persistent attacks.

A strong password will have at least 12 characters, with a mix of upper and lower case and extended characters,
e.g. #pM0$JRG&9O7
while a memory aid could be # park MUSIC 0 $ JACK ROPE GOLF 9 & ODE 7.

Remember, if strong passwords are recorded in the front cover of your diary or on your study whiteboard – sorry, NOT secure!

In addition, the computer you use for editing your website or other important documents must also have a strong password.

To create tough passwords with a bonus memory phrase, visit Strong Random Password Generator.

Visit the Australian Government’s Stay Smart Online website for more advice about passwords and passphrases.