Passwords: the weakest link in WordPress security

•

0 gefällt mir•2,008 views

jessepollak

Brennen Byrne's talk on passwords at WordCamp Chicago 2014.

Technologie Unterhaltung & Humor

passwords
the weakest link in wordpress security
@brennenbyrne#wcchi

this talk is about
security
@brennenbyrne#wcchi

a lot of people think security is
hard
@brennenbyrne#wcchi

a lot of people think security is
hard
confusing
@brennenbyrne#wcchi

a lot of people think security is
hard
confusing complicated
@brennenbyrne#wcchi

a lot of people think security is
hard
confusing complicated
technical
impossible
frustrating
not for you
painful
infuriating
@brennenbyrne#wcchi

but we all know that it’s
important
@brennenbyrne#wcchi

but we all know that it’s
important
and my job is to make it
easy
@brennenbyrne#wcchi

hello, my name is brennen
(@brennenbyrne)
@brennenbyrne#wcchi

I’m a founder of Clef
(getclef.com)
@brennenbyrne#wcchi

for the next 30 mins
★ zombie army
★ two step (logins)
★ ssl
★ password rot
★ what you can do
@brennenbyrne#wcchi

getclef.com/wcchi2014
getclef.com/wordpress-security-checklist
slides
@brennenbyrne#wcchi

passwords
“The weakest link in the security of anything
you do online is your password.”
@brennenbyrne
—vip.wordpress.com/security
#wcchi

heartbleed
jetpack
http cookies
@brennenbyrne#wcchi

it’s time to talk
about the zombie
army.
@brennenbyrne#wcchi

the old way to break a password
@brennenbyrne#wcchi

2. guess common passwords
1. virus that watches you type
3. “advanced interrogation”
@brennenbyrne#wcchi

in order to defend myself
@brennenbyrne#wcchi

2. limit wrong guesses
1. don’t download viruses
3. don’t anger enemy nation-states
@brennenbyrne#wcchi

but attackers have gotten smarter
@brennenbyrne#wcchi

the zombie army is what happens to you
when other people download viruses
@brennenbyrne#wcchi

their computers become
zombies
@brennenbyrne#wcchi

sites infect visitors’ computers
zombies attack sites
visitors join zombie army
bigger army attacks more sites
@brennenbyrne#wcchi

zombies swarm and attack your site
from millions of diﬀerent computers
@brennenbyrne#wcchi

the zombie army is attackers’
response to our better defenses
as wordpress becomes a better target
the incentives for breaking it rise
@brennenbyrne#wcchi

something you
@brennenbyrne
the steps
know
#wcchi

something you
something you
@brennenbyrne
the steps
know
have
#wcchi

something you
@brennenbyrne
the steps
know
something you have
something you are
#wcchi

@brennenbyrne
the only thing better
than one factor of
authentication is…
two factors
#wcchi

the old way of doing this meant:
!
1. typing your password
2. getting a text with a bunch of numbers
3. typing in the bunch of numbers
!
(google authenticator)
@brennenbyrne#wcchi

@brennenbyrne
clef, the plugin i work on, skips
the password to make
two-factor much easier.
#wcchi

@brennenbyrne
s = safe
ss = safe safe
ssl = safe safe lock
it actually stands for “secure socket layer”
#wcchi

without ssl, everything is public
@brennenbyrne
only do stuﬀ you wouldn’t
mind standing on a table
and yelling about in a
coﬀee shop
i.e. no passwords or credit cards
#wcchi

@brennenbyrne
your password is strongest
on the day you set it
#wcchi

@brennenbyrne
your password is strongest
on the day you set it
it gets weaker every day
after that
#wcchi

2. more computer power available
1. more time for attacker to crack
3. greater chance you’ve reused
@brennenbyrne#wcchi

passwords pit our
memories against
computer brute force —
we are going to lose
@brennenbyrne#wcchi

@brennenbyrne
one weird trick to protect
your site from all attacks
#wcchi

use two factor for admin
@brennenbyrne
otherwise
install bruteprotect and cloak
read wordpress security checklist
getclef.com/wordpress-security-checklist
#wcchi

Weitere ähnliche Inhalte

Andere mochten auch

WordPress as a CMS

Matthew Vaccaro

You are working with WordPress when you find yourself in the strange, dimly lit Cave of Community. Gradually you can make out two passageways. One curves downward to the right; the other leads upward to the left. The choices you make in the WordPress community define your WordPress adventure. I’ll share stories of decisions and outcomes I’ve seen during my three years as a WordPress community manager.

WordPress Community: Choose your own adventure

Andrea Middleton

Por um wordpress mais seguro

Flávio Silveira

WorryProof WordPress - Backup Strategies for Your Web Site

Nathan Ingram

THE WORDPRESS DASHBOARD DEMYSTIFIED

BobWP.com

The world is full of amazing things, and if you’re like me you would like to see as much of this beautiful planet as possible. The existence of the Internet has made working off grid a real possibility for people. During my talk I will discuss my experience running a WordPress business while being “off-grid”, the types of products that make this lifestyle a possibility, and the challenges that come along with it.

Working Off Grid & Remote

travistotz

Builing a WordPress Theme

certainstrings

BuddyPress is a plugin created by the makers of WordPress, Automattic. It's an incredible tool that is rarely understood and under appreciated. In this presentation I illustrate how we harnessed the power of BuddyPress to build a project management system called chekmrk. Our topics include, Why project management apps are important. How we chose BuddyPress to build chekmrk. Why chekmrk is different. How we used BuddyPress to build chekmrk.

BuddyPress Tips: How We Built chekmrk

Wes Chyrchel

Wcto2012- after the install

Al Davis

Adventures in Non-Profit Web Design

Melodie Laylor

WordPress Security & Backups 101

Maeve Lander

WortdPress Child themes: Why and How

Paul Bearne

WordCamp Nashville: Clean Code for WordPress

mtoppa

The Best SEO Plugin for WordPress

2 the Top Web Design & Marketing

Using Theme Frameworks for rapid development and sustainability

Joel Norris

CSI: WordPress -- Getting Into the Guts

Dougal Campbell

Make Cash. Using Open Source. And WordPress.

sogrady

Andere mochten auch (17)

WordPress as a CMS

WordPress Community: Choose your own adventure

Por um wordpress mais seguro

WorryProof WordPress - Backup Strategies for Your Web Site

THE WORDPRESS DASHBOARD DEMYSTIFIED

Working Off Grid & Remote

Builing a WordPress Theme

BuddyPress Tips: How We Built chekmrk

Wcto2012- after the install

Adventures in Non-Profit Web Design

WordPress Security & Backups 101

WortdPress Child themes: Why and How

WordCamp Nashville: Clean Code for WordPress

The Best SEO Plugin for WordPress

Using Theme Frameworks for rapid development and sustainability

CSI: WordPress -- Getting Into the Guts

Make Cash. Using Open Source. And WordPress.

Mehr von jessepollak

Building Trust on the Blockchain: The Importance of Mental Models

jessepollak

Passwords: the weakest link in WordPress security

jessepollak

Passwords the weakest link in word press security

jessepollak

Passwords: the weakest link in WordPress security

jessepollak

WordPress Security Update: How we're building the web's most secure platform ...

jessepollak

Cryptography 101 (with math)

jessepollak

Cryptography 101

jessepollak

Passwords: the weakest link in WordPress security

jessepollak

Clef security architecture

jessepollak

The WordPress community has a huge security challenge on the horizon. Now powering almost 20% of the Internet, WordPress lets us build businesses and lifestyles behind a single password. Protecting one site is hard, but the real challenge is making sure that distributed attacks across WordPress sites don't find unprotected sites to attack. In this talk, Brennen Byrne, the CEO of Clef, discusses the attacks and defenses being established in the new security paradigm and the new strategies being worked on to protect your site from the robot army.

Passwords and Botnets and Zombies (oh my!)

jessepollak

Anatomy of a WordPress Hack

jessepollak

Mehr von jessepollak (11)

Building Trust on the Blockchain: The Importance of Mental Models

Passwords: the weakest link in WordPress security

Passwords the weakest link in word press security

Passwords: the weakest link in WordPress security

WordPress Security Update: How we're building the web's most secure platform ...

Cryptography 101 (with math)

Cryptography 101

Passwords: the weakest link in WordPress security

Clef security architecture

Passwords and Botnets and Zombies (oh my!)

Anatomy of a WordPress Hack

Kürzlich hochgeladen

Tracing the root cause of a performance issue requires a lot of patience, experience, and focus. It’s so hard that we sometimes attempt to guess by trying out tentative fixes, but that usually results in frustration, messy code, and a considerable waste of time and money. This talk explains how to correctly zoom in on a performance bottleneck using three levels of profiling: distributed tracing, metrics, and method profiling. After we learn to read the JVM profiler output as a flame graph, we explore a series of bottlenecks typical for backend systems, like connection/thread pool starvation, invisible aspects, blocking code, hot CPU methods, lock contention, and Virtual Thread pinning, and we learn to trace them even if they occur in library code you are not familiar with. Attend this talk and prepare for the performance issues that will eventually hit any successful system. About authorWith two decades of experience, Victor is a Java Champion working as a trainer for top companies in Europe. Five thousands developers in 120 companies attended his workshops, so he gets to debate every week the challenges that various projects struggle with. In return, Victor summarizes key points from these workshops in conference talks and online meetups for the European Software Crafters, the world’s largest developer community around architecture, refactoring, and testing. Discover how Victor can help you on victorrentea.ro : company training catalog, consultancy and YouTube playlists.

Finding Java's Hidden Performance Traps @ DevoxxUK 2024

Victor Rentea

Keynote 2: APIs in 2030: The Risk of Technological Sleepwalk Paolo Malinverno, Growth Advisor - The Business of Technology Apidays New York 2024: The API Economy in the AI Era (April 30 & May 1, 2024) ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...

apidays

Six Myths about Ontologies: The Basics of Formal Ontology

johnbeverley2021

Following the popularity of "Cloud Revolution: Exploring the New Wave of Serverless Spatial Data," we're thrilled to announce this much-anticipated encore webinar. In this sequel, we'll dive deeper into the Cloud-Native realm by uncovering practical applications and FME support for these new formats, including COGs, COPC, FlatGeoBuf, GeoParquet, STAC, and ZARR. Building on the foundation laid by industry leaders Michelle Roby of Radiant Earth and Chris Holmes of Planet in the first webinar, this second part offers an in-depth look at the real-world application and behind-the-scenes dynamics of these cutting-edge formats. We will spotlight specific use-cases and workflows, showcasing their efficiency and relevance in practical scenarios. Discover the vast possibilities each format holds, highlighted through detailed discussions and demonstrations. Our expert speakers will dissect the key aspects and provide critical takeaways for effective use, ensuring attendees leave with a thorough understanding of how to apply these formats in their own projects. Elevate your understanding of how FME supports these cutting-edge technologies, enhancing your ability to manage, share, and analyze spatial data. Whether you're building on knowledge from our initial session or are new to the serverless spatial data landscape, this webinar is your gateway to mastering cloud-native formats in your workflows.

Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME

Safe Software

Sidekick Solutions uses Bonterra Impact Management (fka Social Solutions Apricot) and automation solutions to integrate data for business workflows. We believe integration and automation are essential to user experience and the promise of efficient work through technology. Automation is the critical ingredient to realizing that full vision. We develop integration products and services for Bonterra Case Management software to support the deployment of automations for a variety of use cases. This video focuses on the deployment of external web forms using Jotform for Bonterra Impact Management. This solution can be customized to your organization’s needs and deployed to support the common use cases below: - Intake and consent - Assessments - Surveys - Applications - Program registration Interested in deploying web form automations for Bonterra Impact Management? Contact us at sales@sidekicksolutionsllc.com to discuss next steps.

Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...

Jeffrey Haguewood

💥 You’re lucky! We’ve found two different (lead) developers that are willing to share their valuable lessons learned about using UiPath Document Understanding! Based on recent implementations in appealing use cases at Partou and SPIE. Don’t expect fancy videos or slide decks, but real and practical experiences that will help you with your own implementations. 📕 Topics that will be addressed: • Training the ML-model by humans: do or don't? • Rule-based versus AI extractors • Tips for finding use cases • How to start 👨‍🏫👨‍💻 Speakers: o Dion Morskieft, RPA Product Owner @Partou o Jack Klein-Schiphorst, Automation Developer @Tacstone Technology

DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam

UiPathCommunity

The value of a flexible API Management solution for Open Banking Steve Melan, Manager for IT Innovation and Architecture - State's and Saving's Bank of Luxembourg Apidays New York 2024: The API Economy in the AI Era (April 30 & May 1, 2024) ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

Apidays New York 2024 - The value of a flexible API Management solution for O...

apidays

EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER

MadyBayot

Elevate Developer Efficiency & build GenAI Application with Amazon Q

Bhuvaneswari Subramani

Whatsapp Number Escorts Call girls 8617370543 Available 24x7 Mcleodganj Call Girls Service Offer Genuine VIP Model Escorts Call Girls in Your Budget. Mcleodganj Call Girls Service Provide Real Call Girls Number. Make Your Sexual Pleasure Memorable with Our Mcleodganj Call Girls at Affordable Price. Top VIP Escorts Call Girls, High Profile Independent Escorts Call Girls, Housewife Women Escorts Call Girl, College Girls Escorts Call Girls, Russian Escorts Call girls Service in Your Budget.

Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model

Deepika Singh

ICT role in 21st century education and its challenges

rafiqahmad00786416

💉💊+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHABI}}+971581248768 +971581248768 Mtp-Kit (500MG) Prices » Dubai [(+971581248768**)] Abortion Pills For Sale In Dubai, UAE, Mifepristone and Misoprostol Tablets Available In Dubai, UAE CONTACT DR.Maya Whatsapp +971581248768 We Have Abortion Pills / Cytotec Tablets /Mifegest Kit Available in Dubai, Sharjah, Abudhabi, Ajman, Alain, Fujairah, Ras Al Khaimah, Umm Al Quwain, UAE, Buy cytotec in Dubai +971581248768''''Abortion Pills near me DUBAI | ABU DHABI|UAE. Price of Misoprostol, Cytotec” +971581248768' Dr.DEEM ''BUY ABORTION PILLS MIFEGEST KIT, MISOPROTONE, CYTOTEC PILLS IN DUBAI, ABU DHABI,UAE'' Contact me now via What's App…… abortion Pills Cytotec also available Oman Qatar Doha Saudi Arabia Bahrain Above all, Cytotec Abortion Pills are Available In Dubai / UAE, you will be very happy to do abortion in Dubai we are providing cytotec 200mg abortion pill in Dubai, UAE. Medication abortion offers an alternative to Surgical Abortion for women in the early weeks of pregnancy. We only offer abortion pills from 1 week-6 Months. We then advise you to use surgery if its beyond 6 months. Our Abu Dhabi, Ajman, Al Ain, Dubai, Fujairah, Ras Al Khaimah (RAK), Sharjah, Umm Al Quwain (UAQ) United Arab Emirates Abortion Clinic provides the safest and most advanced techniques for providing non-surgical, medical and surgical abortion methods for early through late second trimester, including the Abortion By Pill Procedure (RU 486, Mifeprex, Mifepristone, early options French Abortion Pill), Tamoxifen, Methotrexate and Cytotec (Misoprostol). The Abu Dhabi, United Arab Emirates Abortion Clinic performs Same Day Abortion Procedure using medications that are taken on the first day of the office visit and will cause the abortion to occur generally within 4 to 6 hours (as early as 30 minutes) for patients who are 3 to 12 weeks pregnant. When Mifepristone and Misoprostol are used, 50% of patients complete in 4 to 6 hours; 75% to 80% in 12 hours; and 90% in 24 hours. We use a regimen that allows for completion without the need for surgery 99% of the time. All advanced second trimester and late term pregnancies at our Tampa clinic (17 to 24 weeks or greater) can be completed within 24 hours or less 99% of the time without the need surgery. The procedure is completed with minimal to no complications. Our Women's Health Center located in Abu Dhabi, United Arab Emirates, uses the latest medications for medical abortions (RU-486, Mifeprex, Mifegyne, Mifepristone, early options French abortion pill), Methotrexate and Cytotec (Misoprostol). The safety standards of our Abu Dhabi, United Arab Emirates Abortion Doctors remain unparalleled. They consistently maintain the lowest complication rates throughout the nation. Our Physicians and staff are always available to answer questions and care for women in one of the most difficult times in their lives. The decision to have an abortion at the Abortion Cl

+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...

?#DUbAI#??##{{(☎️+971_581248768%)**%*]'#abortion pills for sale in dubai@

Join our latest Connector Corner webinar to discover how UiPath Integration Service revolutionizes API-centric automation in a 'Quote to Cash' process—and how that automation empowers businesses to accelerate revenue generation. A comprehensive demo will explore connecting systems, GenAI, and people, through powerful pre-built connectors designed to speed process cycle times. Speakers: James Dickson, Senior Software Engineer Charlie Greenberg, Host, Product Marketing Manager

Connector Corner: Accelerate revenue generation using UiPath API-centric busi...

DianaGray10

Boost Fertility New Invention Ups Success Rates.pdf

sudhanshuwaghmare1

FWD Group - Insurer Innovation Award 2024

The Digital Insurer

MINDCTI Revenue Release Quarter One 2024

MIND CTI

Artificial Intelligence Chap.5 : Uncertainty

Khushali Kathiriya

The microservices honeymoon is over. When starting a new project or revamping a legacy monolith, teams started looking for alternatives to microservices. The Modular Monolith, or 'Modulith', is an architecture that reaps the benefits of (vertical) functional decoupling without the high costs associated with separate deployments. This talk will delve into the advantages and challenges of this progressive architecture, beginning with exploring the concept of a 'module', its internal structure, public API, and inter-module communication patterns. Supported by spring-modulith, the talk provides practical guidance on addressing the main challenges of a Modultith Architecture: finding and guarding module boundaries, data decoupling, and integration module-testing. You should not miss this talk if you are a software architect or tech lead seeking practical, scalable solutions. About the author With two decades of experience, Victor is a Java Champion working as a trainer for top companies in Europe. Five thousands developers in 120 companies attended his workshops, so he gets to debate every week the challenges that various projects struggle with. In return, Victor summarizes key points from these workshops in conference talks and online meetups for the European Software Crafters, the world’s largest developer community around architecture, refactoring, and testing. Discover how Victor can help you on victorrentea.ro : company training catalog, consultancy and YouTube playlists.

Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024

Victor Rentea

Effective data discovery is crucial for maintaining compliance and mitigating risks in today's rapidly evolving privacy landscape. However, traditional manual approaches often struggle to keep pace with the growing volume and complexity of data. Join us for an insightful webinar where industry leaders from TrustArc and Privya will share their expertise on leveraging AI-powered solutions to revolutionize data discovery. You'll learn how to: - Effortlessly maintain a comprehensive, up-to-date data inventory - Harness code scanning insights to gain complete visibility into data flows leveraging the advantages of code scanning over DB scanning - Simplify compliance by leveraging Privya's integration with TrustArc - Implement proven strategies to mitigate third-party risks Our panel of experts will discuss real-world case studies and share practical strategies for overcoming common data discovery challenges. They'll also explore the latest trends and innovations in AI-driven data management, and how these technologies can help organizations stay ahead of the curve in an ever-changing privacy landscape.

TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery

TrustArc

Dubai, often portrayed as a shimmering oasis in the desert, faces its own set of challenges, including the occasional threat of flooding. Despite its reputation for opulence and modernity, the emirate is not immune to the forces of nature. In recent years, Dubai has experienced sporadic but significant floods, testing the resilience of its infrastructure and communities. Among the critical lifelines in this bustling metropolis is the Dubai International Airport, a bustling hub that connects the city to the world. This article explores the intersection of Dubai flood events and the resilience demonstrated by the Dubai International Airport in the face of such challenges.

Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...

Orbitshub

Kürzlich hochgeladen (20)

Finding Java's Hidden Performance Traps @ DevoxxUK 2024

Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...

Six Myths about Ontologies: The Basics of Formal Ontology

Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME

Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...

DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam

Apidays New York 2024 - The value of a flexible API Management solution for O...

EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER

Elevate Developer Efficiency & build GenAI Application with Amazon Q

Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model

ICT role in 21st century education and its challenges

+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...

Connector Corner: Accelerate revenue generation using UiPath API-centric busi...

Boost Fertility New Invention Ups Success Rates.pdf

FWD Group - Insurer Innovation Award 2024

MINDCTI Revenue Release Quarter One 2024

Artificial Intelligence Chap.5 : Uncertainty

Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024

TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery

Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...

Passwords: the weakest link in WordPress security

1. passwords the weakest link in wordpress security @brennenbyrne#wcchi

2. this talk is about security @brennenbyrne#wcchi

3. a lot of people think security is hard @brennenbyrne#wcchi

4. a lot of people think security is hard confusing @brennenbyrne#wcchi

5. a lot of people think security is hard confusing complicated @brennenbyrne#wcchi

6. a lot of people think security is hard confusing complicated technical impossible frustrating not for you painful infuriating @brennenbyrne#wcchi

7. but we all know that it’s important @brennenbyrne#wcchi

8. but we all know that it’s important and my job is to make it easy @brennenbyrne#wcchi

9. hello, my name is brennen (@brennenbyrne) @brennenbyrne#wcchi

10. I’m a founder of Clef (getclef.com) @brennenbyrne#wcchi

11. for the next 30 mins ★ zombie army ★ two step (logins) ★ ssl ★ password rot ★ what you can do @brennenbyrne#wcchi

12. getclef.com/wcchi2014 getclef.com/wordpress-security-checklist slides @brennenbyrne#wcchi

13. passwords “The weakest link in the security of anything you do online is your password.” @brennenbyrne —vip.wordpress.com/security #wcchi

14. heartbleed jetpack http cookies @brennenbyrne#wcchi

15. it’s time to talk about the zombie army. @brennenbyrne#wcchi

16. the old way to break a password @brennenbyrne#wcchi

17. 2. guess common passwords 1. virus that watches you type 3. “advanced interrogation” @brennenbyrne#wcchi

18. in order to defend myself @brennenbyrne#wcchi

19. 2. limit wrong guesses 1. don’t download viruses 3. don’t anger enemy nation-states @brennenbyrne#wcchi

20. but attackers have gotten smarter @brennenbyrne#wcchi

21. zombie army @brennenbyrne#wcchi

22. the zombie army is what happens to you when other people download viruses @brennenbyrne#wcchi

23. their computers become zombies @brennenbyrne#wcchi

24. sites infect visitors’ computers zombies attack sites visitors join zombie army bigger army attacks more sites @brennenbyrne#wcchi

25. zombies swarm and attack your site from millions of diﬀerent computers @brennenbyrne#wcchi

26. 2. limit wrong guesses 1. don’t download viruses 3. don’t anger enemy nation-states @brennenbyrne#wcchi

27. the zombie army is attackers’ response to our better defenses as wordpress becomes a better target the incentives for breaking it rise @brennenbyrne#wcchi

28. two step @brennenbyrne#wcchi

29. something you @brennenbyrne the steps know #wcchi

30. something you something you @brennenbyrne the steps know have #wcchi

31. something you @brennenbyrne the steps know something you have something you are #wcchi

32. @brennenbyrne the only thing better than one factor of authentication is… two factors #wcchi

33. the old way of doing this meant: ! 1. typing your password 2. getting a text with a bunch of numbers 3. typing in the bunch of numbers ! (google authenticator) @brennenbyrne#wcchi

34. @brennenbyrne clef, the plugin i work on, skips the password to make two-factor much easier. #wcchi

35. ssl @brennenbyrne#wcchi

36. @brennenbyrne s = safe ss = safe safe ssl = safe safe lock it actually stands for “secure socket layer” #wcchi

37. @brennenbyrne s = safe ss = safe safe ssl = safe safe lock it actually stands for “secure socket layer” #wcchi

38. @brennenbyrne s = safe ss = safe safe ssl = safe safe lock *it actually stands for “secure socket layer” #wcchi

39. @brennenbyrne s = safe ss = safe safe ssl = safe safe lock *it actually stands for “secure socket layer” #wcchi

40. without ssl, everything is public @brennenbyrne only do stuﬀ you wouldn’t mind standing on a table and yelling about in a coﬀee shop i.e. no passwords or credit cards #wcchi

41. password rot @brennenbyrne#wcchi

42. @brennenbyrne your password is strongest on the day you set it #wcchi

43. @brennenbyrne your password is strongest on the day you set it it gets weaker every day after that #wcchi

44. 2. more computer power available 1. more time for attacker to crack 3. greater chance you’ve reused @brennenbyrne#wcchi

45. passwords pit our memories against computer brute force — we are going to lose @brennenbyrne#wcchi

46. what to do @brennenbyrne#wcchi

47. @brennenbyrne one weird trick to protect your site from all attacks #wcchi

48. @brennenbyrne delete it. #wcchi

49. use two factor for admin @brennenbyrne otherwise install bruteprotect and cloak read wordpress security checklist getclef.com/wordpress-security-checklist #wcchi

50. getclef.com/wcchi2014 getclef.com/wordpress-security-checklist slides @brennenbyrne#wcchi

Passwords: the weakest link in WordPress security

Empfohlen

Empfohlen

Weitere ähnliche Inhalte

Andere mochten auch

Andere mochten auch (17)

Mehr von jessepollak

Mehr von jessepollak (11)

Kürzlich hochgeladen

Kürzlich hochgeladen (20)

Passwords: the weakest link in WordPress security