lol, it's funny because I know lots of others' passwords... Friends, relatives, etc... And the network of people that exist for the people that I know as well. This is so true I can't disagree. Nobody needs to "hack" anything if they wanted, they could probably just guess, or use a dictionary to bruteforce their way in. This is why:
1) You don't use dictionary words in your password
2) You don't use your name
3) Anything specific to you
You should at least be using a combination of things, but even I would suggest doing that. Your name combined with the birth year is still not good. If my name was Bob Smith for example, perhaps I would have a password like this:
Or:
And depending on the website, where case sensitivity matters, you could use an alternation as well:
Something like that is much better than something like "smith24". Mine is of no significance to myself at all, nor does it contain any words, but it is 14 values in length, both lowercase and uppercase letters, mixed with numbers. The larger your password is too, the more secure it would be to a bruteforce attack, because obviously there's more combinations.
My recommendation? A password that is at least 7 values long.
So regardless of how secure a website is, the last thing it comes down to is the password you chose as a user on the site lol. Aside from that, even if your password is good, it could be down to the developer that doesn't know what they are doing. Sending stuff in plain text over HTTP requests that could be intercepted... Allowing execution of JavaScript that could introduce an XSS attack, or perhaps not checking the input before the code later uses that data to query an SQL database introducing an SQL injection vulnerability?
Such easy mistakes to avoid, but yet these are all still THE most common thing you see, and who's to blame? Not the system itself, but us.
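
A small checker for the three rules and the length point in the post above, as an added example that is not part of the original post. The word list, the substitution table, the sample passwords and the function names are constructed for illustration; the default minimum length of 7 is the figure the post gives.

```python
import math
import re
import string

# Constructed sample list; a real check would load a large dictionary
# or a breached-password list instead.
SAMPLE_WORDS = {"password", "dragon", "monkey", "smith", "summer", "letmein"}

# Undo common digit/symbol swaps so "sm1th" is still recognised as "smith".
LEET = str.maketrans("013457@$", "oieastas")


def keyspace_bits(password):
    """Brute-force search space in bits: length * log2(alphabet size).

    This is an upper bound that only holds for randomly chosen characters;
    a guessable password falls to a dictionary long before this matters.
    """
    alphabet = 0
    if re.search(r"[a-z]", password):
        alphabet += 26
    if re.search(r"[A-Z]", password):
        alphabet += 26
    if re.search(r"[0-9]", password):
        alphabet += 10
    if any(c in string.punctuation for c in password):
        alphabet += len(string.punctuation)
    return len(password) * math.log2(alphabet) if alphabet else 0.0


def check_password(password, personal=(), min_length=7, words=SAMPLE_WORDS):
    """Return the list of rules the password breaks (empty list = passes)."""
    problems = []
    lowered = password.lower()
    normalised = lowered.translate(LEET)
    candidates = (lowered, normalised)

    if len(password) < min_length:
        problems.append("too short")
    # Rule 1: no dictionary words, even with digit swaps.
    if any(len(w) >= 4 and w in c for w in words for c in candidates):
        problems.append("dictionary word")
    # Rules 2 and 3: no name, birth year or other personal detail.
    tokens = [p.lower() for p in personal if len(p) >= 3]
    if any(t in c for t in tokens for c in candidates):
        problems.append("personal detail")
    return problems
```

Run on "smith24" with the personal details of the post's Bob Smith, it reports both a dictionary word and a personal detail even though the nominal search space is about 36 bits, which is the post's point about guessing versus brute force.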