
Guessing your Password (7 posts)

  1. Mark (podz)
    Support Maven
    Posted 9 years ago #

    Every week seems to bring a post here about security and invariably they bring up issues that most of us know next to nothing about but which are discussed in terms that can worry some of us.

    The fact is that those issues - when highlighted - are picked over and discussed by many people and if there is any information then it will head our way (let's not go down the vulnerability issue here). But what you need to bear in mind is that for these 'risks' to be exploited it takes someone with the knowledge and very probably shared disk space with your site. So while it could happen, the risk is very very very small. (Which is not to say it should not be eliminated I know... but anyway...)

    The risk of your co-worker / lover / EX-lover / stalker / boss guessing the password you have used is much much higher. They can sit there all day and all night plugging in the names of your pets, school, favourite colours, names, foods, birthdays whatever they can think of - and they can do that from anywhere, anytime.
    And this doesn't include any user logins, or passwords for private posts either.

    WP gives you a random password for a reason - your security.

    If you then change that "because it's too hard to remember" you have just weakened your installation. I get to see a lot of installs and passwords - and seeing the same user info for a blog login AND the cpanel login AND the mysql login is not uncommon.
    All that person you just annoyed has to do is guess one combination and your website is theirs. And it'll be your fault.

    Get a password manager and use it.
    Both of these below are free and are highly recommended by freeware sites.

    http://www.anypassword.com/
    http://keepass.sourceforge.net/

  2. Michael Bishop

    Posted 9 years ago #

    Or don't piss anyone off.

  3. icco
    Member
    Posted 9 years ago #

    No. I don't think people understand. Take a look at your logs. Most ad bots who realize you have a WordPress site will try to enter a username and password to get into your site. Though I've never heard of one being successful, it's only a matter of time.
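The log check suggested in post 3, as an added example that is not part of the original thread: it counts failed `wp-login.php` POSTs per client IP and flags any IP that logs in after a run of failures. It assumes the Apache/nginx combined log format and stock WordPress behaviour (a failed login re-renders the form with status 200, a successful one redirects with 302); the function name, the threshold and the sample lines are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample lines in combined log format (documentation IPs, not real traffic).
SAMPLE_LOG = """\
203.0.113.7 - - [12/Mar/2024:10:00:01 +0000] "POST /wp-login.php HTTP/1.1" 200 3456 "-" "Mozilla/5.0"
203.0.113.7 - - [12/Mar/2024:10:00:02 +0000] "POST /wp-login.php HTTP/1.1" 200 3456 "-" "Mozilla/5.0"
198.51.100.20 - - [12/Mar/2024:10:00:03 +0000] "POST /wp-login.php HTTP/1.1" 200 3456 "-" "Mozilla/5.0"
203.0.113.7 - - [12/Mar/2024:10:00:03 +0000] "POST /wp-login.php HTTP/1.1" 200 3456 "-" "Mozilla/5.0"
198.51.100.20 - - [12/Mar/2024:10:00:09 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
192.0.2.55 - - [12/Mar/2024:10:01:00 +0000] "GET /wp-login.php HTTP/1.1" 200 3100 "-" "curl/8.0"
192.0.2.55 - - [12/Mar/2024:10:01:01 +0000] "POST /blog/wp-login.php HTTP/1.1" 200 3456 "-" "curl/8.0"
192.0.2.55 - - [12/Mar/2024:10:01:02 +0000] "POST /blog/wp-login.php HTTP/1.1" 200 3456 "-" "curl/8.0"
192.0.2.55 - - [12/Mar/2024:10:01:03 +0000] "POST /blog/wp-login.php HTTP/1.1" 200 3456 "-" "curl/8.0"
203.0.113.7 - - [12/Mar/2024:10:00:04 +0000] "POST /wp-login.php HTTP/1.1" 200 3456 "-" "Mozilla/5.0"
203.0.113.7 - - [12/Mar/2024:10:00:05 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) '
)

def summarize_login_attempts(lines, threshold=3):
    """Return {ip: {"failed": n, "success_after_failures": bool}} for IPs
    with at least `threshold` failed login POSTs."""
    stats = defaultdict(lambda: {"failed": 0, "success_after_failures": False})
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["method"] != "POST":
            continue  # GETs only fetch the form; they are not guesses
        path, _, query = m["path"].partition("?")
        # Covers subdirectory installs; skips lost-password and similar actions.
        if not path.endswith("/wp-login.php") or "action=" in query:
            continue
        entry = stats[m["ip"]]
        if m["status"] == "200":      # form re-rendered: failed attempt
            entry["failed"] += 1
        elif m["status"] == "302" and entry["failed"] >= threshold:
            entry["success_after_failures"] = True  # redirect after many failures
    return {ip: dict(s) for ip, s in stats.items() if s["failed"] >= threshold}

if __name__ == "__main__":
    for ip, s in summarize_login_attempts(SAMPLE_LOG.splitlines()).items():
        print(ip, s)
```

An IP reported with `success_after_failures` set is the case to investigate first: change that account's password and review what the session did.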

  4. zoogies
    Member
    Posted 9 years ago #

    I hope I'm not 'gravedigging' by posting a month after the last post, but I believe my question is relevant - is there any threat at all by keeping all your passwords stored in one program? What if you're hacked?

  5. Mark (podz)
    Support Maven
    Posted 9 years ago #

    All my passwords are in a program called Keepass - as you need to know a long password to actually unlock the file with my passwords in, I doubt you'll hack in. That's after you've got into my machine and found where it is. Nah .... you'll never do it :)

    Your point is valid - but what are the alternatives?

  6. is there any threat at all by keeping all your passwords stored in one program?

    Yes. If you figure out the master password, then you'll have access to all of the passwords. So, make it a really good password. Try using your own, unique DNA sequence, inter-mixed with numbers familiar to yourself, like your High School ID number, or a former credit card.

  7. vkaryl
    Member
    Posted 9 years ago #

    Hmmm. How about a key produced by one of the SSH type programs? That oughta fix it....

Topic Closed

This topic has been closed to new replies.
