FullCircle

The Power of Passwords: Defending Against Opportunistic Attacks

“What’s all that?” gasped my wife, her finger pointing at my laptop. She'd got home from work, had crept up behind me, and had reason to be concerned. The console on my screen was filled with lines and lines of filter actions and ban notices, and they just kept on coming.

What she was witnessing was a real-time view of the fail2ban log of a client's web site. Not a high-profile client, and not a busy web site. Just a boring old web site on a boring old web server. So why was it under attack?

Unlike the portrayals in most movies, most hacks are not targeted crusades by skilled hackers out to make millions of dollars, but opportunistic attempts at low-hanging fruit by what graybeards used to call "script kiddies."

This means that unless you're in a high-risk industry, you're likely to be just fine as long as you have covered the basics. And we're not talking about firewalls or backups or logging, we're talking real basic. We're talking passwords.

So what constitutes a good password? Well, it needs to be long and strong and impossible to guess. It shouldn't be related to the service you're securing or the user who's accessing it. It shouldn't be based on dictionary words, and should include special characters. It should be changed regularly. And most importantly, it needs to be unique.

But how do you remember your email password if it's "Ic?Wm'!B)bOJ;D8i"? Especially when the password to your bank account is "*!A\FtZ#!s|0O&:-"? And especially if they're always changing?! This is where password managers come in.

A password manager is a piece of software that stores all of your passwords in a secure way behind one master password. They usually also allow you to generate new passwords, and some sync between devices, offer audits for weak or leaked passwords, or remind you to change old ones.
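The generation and audit features described above, applied to the criteria listed earlier, as an added Python example (not code from the original article or from any particular password manager). The function names, the 16-character minimum, and the sample vault entries are assumptions made for illustration.

```python
import secrets
import string
from collections import Counter

# 94 printable ASCII symbols: letters, digits and punctuation.
ALPHABET = string.ascii_letters + string.digits + string.punctuation
MIN_LENGTH = 16  # assumption: the length of the article's two sample passwords
CLASSES = (string.ascii_lowercase, string.ascii_uppercase, string.digits, string.punctuation)


def generate_password(length=MIN_LENGTH):
    """Return a password drawn from the OS CSPRNG that contains every character class."""
    if length < len(CLASSES):
        raise ValueError("length is too short to include every character class")
    while True:
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        # Redraw on failure instead of patching characters in, which would bias positions.
        if all(any(ch in cls for ch in candidate) for cls in CLASSES):
            return candidate


def audit_vault(vault):
    """Check (service, username, password) entries; return sorted (service, finding) tuples."""
    reuse = Counter(password for _, _, password in vault)
    findings = []
    for service, username, password in vault:
        lowered = password.lower()
        if len(password) < MIN_LENGTH:
            findings.append((service, "too short"))
        if not any(ch in string.punctuation for ch in password):
            findings.append((service, "no special characters"))
        # Empty names are skipped, since "" is a substring of every password.
        if any(name and name.lower() in lowered for name in (service, username)):
            findings.append((service, "related to service or user"))
        if reuse[password] > 1:
            findings.append((service, "reused"))
    return sorted(findings)


# Constructed sample vault: two weak, reused entries and one generated entry.
SAMPLE_VAULT = [
    ("email", "alice", "alice2024"),
    ("bank", "alice", "alice2024"),
    ("forum", "alice", generate_password()),
]

if __name__ == "__main__":
    for service, finding in audit_vault(SAMPLE_VAULT):
        print(f"{service}: {finding}")
```

The audit covers only what can be checked locally; whether a password has appeared in a breach needs an external data source and is not modelled here.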

By using a password manager to ensure strong and unique passwords, you're already protected from one of the most common opportunistic hacks: guessing or brute-forcing passwords, like the attempts being blocked by fail2ban that inspired this article.

But what if someone does successfully guess your password? Well, this is where multi-factor authentication comes in, but that is a topic for another day!

Are you using weak passwords? Are your employees? Want some help protecting your systems from opportunistic attacks? Do you need a security consultation, audit, or some training? Get in touch today!
