Social media integration has been on my mind lately. Yes, before you get ahead of me, I know you can set up your Twitter to post to Facebook and your Instagram to post to Twitter and Facebook. But there is already one problem. If I have my Instagram post to Twitter and Facebook and my Twitter post to Facebook, I end up with two postings on my Facebook. I am getting tired of deleting posts. I want to add content easily, not have to worry about duplicates. No one wants to see duplicate status posts!
IFTTT is a great way to set up recipes to interact with several aspects of several channels. A channel can be Facebook or Twitter or Instagram or even this blog. For example, I can create a recipe that says if I post something to this blog then post it to Facebook.
I just wanted to update with the first post of the year. It is rare that one can do something first. It is also possible that I am typing this at 5:19pm on 1/3/23 and have the ability to pre-date my postings…I guess you will never know?
I am also a fan of Scrabble and this picture looks like Scrabble tiles.
So I am constantly learning. 40% of the internet is using the WordPress platform. I am no different. I started building my own websites with pure HTML/CSS/JS and loved it. It was a lot of work. WordPress started in 5/27/03 and my first website spun up in December 2004. I didn’t know about WordPress (WP) until year later. I kept my own website but then started dabbling with it and other CMS platforms.
Because it is so widely used, it grabs the attention of the hackers of the world. Just like Windows and Chrome. If you have the market majority then you are the platform that people go after.
Over the years my sites have routinely been compromised, or someone has attempted to compromise them. I have had to recover much data from backups.
Recently I learned about a username sniffing technique that is used on WordPress to discover usernames so that a brute force attack can be used to gain access to the site backend. I created a lovely redirect to this page from those pesky username sniffs just for fun.
If you type in https://jasrasr.com/?author=1 then you get redirected to https://jasrasr.com/stop-sniffing-me
You could enter any number after the ‘=’ sign. https://jasrasr.com/?author=123 would also redirect to the same: https://jasrasr.com/stop-sniffing-me
That page then links to this page to explain why I did what I did and now I am laughing at the whole thing. I could’ve installed a plugin to block the username sniffs but I like this approach better.
I just tested and created a new test user, which technically makes author=2 valid. If this exists then you can see the archives and blog posts/pages that were authored by that username. More importantly you can see the username in the URL and on the page.
In this example from icwnow.net you can see the username ‘kbjjsywyvf’ and the ‘test’ post that was created. A hacker can take this info and attempt commonly used passwords to gain access to the site.
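The ?author=N requests described above leave a recognizable trail in the web server's access log. The following is an added example, not code from the original post: it parses constructed log lines in combined format, lists clients that walked several author IDs, and reports probes that were answered with something other than a redirect. The function names, the sample IPs and the three-ID threshold are assumptions.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

# Client IP, request target and status code from a "combined" format log line.
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|HEAD|POST) (\S+) [^"]*" (\d{3}) ')

# Constructed sample lines (documentation IP ranges), not taken from a real log.
SAMPLE_LOG = """\
203.0.113.7 - - [03/Jan/2023:17:19:01 +0000] "GET /?author=1 HTTP/1.1" 302 0 "-" "curl/7.88"
203.0.113.7 - - [03/Jan/2023:17:19:02 +0000] "GET /?author=2 HTTP/1.1" 302 0 "-" "curl/7.88"
203.0.113.7 - - [03/Jan/2023:17:19:03 +0000] "GET /?author=3 HTTP/1.1" 302 0 "-" "curl/7.88"
198.51.100.20 - - [03/Jan/2023:17:20:10 +0000] "GET /?p=42 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.20 - - [03/Jan/2023:17:21:44 +0000] "GET /?s=author=1 HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
192.0.2.55 - - [03/Jan/2023:17:25:00 +0000] "GET /blog/?x=1&author=9 HTTP/1.1" 200 4096 "-" "Mozilla/5.0"
"""


def author_probes(log_text):
    """Return (client_ip, author_id, status) for each request carrying author=<number>."""
    probes = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ip, target, status = m.groups()
        # Parse the query string properly so "?s=author=1" (a search) is not flagged.
        for value in parse_qs(urlsplit(target).query).get("author", []):
            if re.fullmatch(r"[0-9]+", value):
                probes.append((ip, int(value), int(status)))
    return probes


def enumerators(probes, min_ids=3):
    """Clients that requested at least min_ids distinct author IDs."""
    seen = defaultdict(set)
    for ip, author_id, _status in probes:
        seen[ip].add(author_id)
    return sorted(ip for ip, ids in seen.items() if len(ids) >= min_ids)


def not_redirected(probes):
    """Probes answered without a 301/302: the redirect did not cover them."""
    return [p for p in probes if p[2] not in (301, 302)]


if __name__ == "__main__":
    found = author_probes(SAMPLE_LOG)
    print("enumerating clients:", enumerators(found))
    print("probes not redirected:", not_redirected(found))
```

Any entry in the second list is a request where the author archive may have been served, so it is worth checking by hand.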
This page will be updated. I am not done, but it is bed time…
There is a major difference between an easy to remember password and one that is secure…or is there? Can’t you have both? Shouldn’t you have both?
There is a thought that adding spaces to your password to make a pass phrase is more secure because it enables you to have longer passwords that can be easier to remember. The true test of security is length and amount of randomness. Since we truly can’t be actually random, we need to include all types of characters allowed for a password. I am going to use password to encompass pass phrases as well because whether a password has spaces or not it doesn’t change what it is. A space in a password is still just a symbol character, so it’s just a password with spaces. I would argue you should have another symbol(s) besides spaces.
So if you don’t like LastPass or think they are evil then BitWarden is another company that offers all the same features.
Whatever you do, DO NOT use the same password on two different websites. I can’t stress this enough. Once you have a compromised password on one site, it is VERY likely the hacker will use automated tools very quickly to attempt that same password on many other sites.
You may not have anything to hide or want to keep super secure, but I bet you don’t want to be locked out of your email, Facebook, Instagram, etc. accounts?
So how do I create a secure and complex password?
A very simple way to come up with a more secure and more complex password would be a “pass phrase” as discussed above. You can make it as random as you like.
EXAMPLE 1: The 3 brown dogs ran FAST! EXAMPLE 2: 1Jason is a really big NERD!
The above examples both have 163 bits of entropy which is the amount of randomness including all the characters. (5 uppercase, 14-16 lowercase, 1 number, 6 symbols)
If you go to howsecureismypassword.net then you see this, 2 decillion years to crack this password.
If you want to know how many possibilities there are for a password, take the total number of character types to the power of the total number of digits.
total password possibilities = possible characters ^ number of digits
Example: A bank card PIN has 10k possibilities because 0,1,2,3,4,5,6,7,8,9 is 10 possible character types ^ 4 digits (generally), so 10^4 = 10,000.
If a computer can attempt 10,000 passwords every second then, per my calculation, it would take 2.40116884430133E+39 or 2,401,168,844,301,330,000,000,000,000,000,000,000,000 or 2.4 duodecillion years. I am even dividing the probability in half because generally it takes half as many guesses as possibilities, when referring to statistics. I don’t know how the website above is calculating its 2 decillion years. I would have to know how many characters they are including and how many iterations per second. I am figuring 10k/second…
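The calculation above, worked through as an added example (not code from the original post). The 93-symbol alphabet and the 365.25-day year are assumptions chosen here because, for the 26-character EXAMPLE 1, they reproduce the 2.4 duodecillion figure; the function names and the tiny common-password set are constructed for illustration.

```python
import string

SECONDS_PER_YEAR = 365.25 * 24 * 3600  # assumption: 365.25-day year
ALPHABET = 93                          # assumption: symbols an attacker must try per position
COMMON = {"123456", "password", "qwerty"}  # constructed stand-in for a top-10k list


def class_counts(password):
    """Count characters per class; spaces and punctuation both count as symbols."""
    counts = {"upper": 0, "lower": 0, "digit": 0, "symbol": 0}
    for ch in password:
        if ch in string.ascii_uppercase:
            counts["upper"] += 1
        elif ch in string.ascii_lowercase:
            counts["lower"] += 1
        elif ch in string.digits:
            counts["digit"] += 1
        else:
            counts["symbol"] += 1
    return counts


def keyspace(alphabet_size, length):
    """Total possibilities = possible characters ^ number of positions."""
    return alphabet_size ** length


def average_years(password, guesses_per_second, alphabet_size=ALPHABET):
    """Years to search half the keyspace; treated as 0.0 if the password is on the common list."""
    if password.lower() in COMMON:
        return 0.0
    half = keyspace(alphabet_size, len(password)) / 2
    return half / guesses_per_second / SECONDS_PER_YEAR


def implied_rate(password, years, alphabet_size=ALPHABET):
    """Guesses per second that would produce a stated average crack time."""
    half = keyspace(alphabet_size, len(password)) / 2
    return half / (years * SECONDS_PER_YEAR)


if __name__ == "__main__":
    example = "The 3 brown dogs ran FAST!"
    print(class_counts(example))
    print(f"{average_years(example, 10_000):.3e} years at 10k guesses/s")
    print(f"{implied_rate(example, 2e33):.2e} guesses/s for 2 decillion years")
```

Under the same assumptions, a 2 decillion year estimate corresponds to roughly 12 billion guesses per second, which shows how strongly the result depends on the assumed guess rate.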
The iPhone and iOS now offer a great feature to suggest random passwords and even allow you to store them.
TOP 10,000 PASSWORDS!
Go to this website and make sure you don’t use any of these passwords. This list represents the 10k most commonly used passwords gathered from a list of 10 million passwords.
This blog is not sponsored by any of the websites mentioned above. I have personally paid for LastPass since 2010 and have thousands of passwords in my vault. For 99% of those passwords, I don’t even know them. I only know my master password. I don’t have to remember any of them. With the Chrome/Firefox/Edge browser extensions and the app on my iPhone I have very easy access to all my passwords. I also store other important information in my vault like credit card numbers, banking info, tax info, Wi-Fi information.
As stated above, I do not know any of my main passwords for any of my accounts. I generally use a password that looks like this: JwC@RHsefyG$H*&xw96#zRg3fXjY$Y (automatically generated from LastPass which is free $0.00)
Have a safe and secure day and make better password decisions.
If you like this or agree, then leave a comment and let me know. If you don’t like this or think I am wrong, then leave a comment and let me know.
I would like to have 1000 YouTube subscribers with 4000 hours of video watched by the end of 2022. This will enable me to participate in the money making marvel of YouTube. Will you help me by subscribing? THANK YOU!