memorable passwords

Memorable passwords can be secure, contrary to popular belief.

One of the first and best rules of practicing good web site security is to make sure passwords are secure. The good news is secure passwords do not have to be impossible to remember, and memorable passwords can still be secure.

So, What is The Problem?

The other day a customer came to me and revealed the password he was using to maintain one of his web sites.  It was a password I have seen hundreds of times before from other customers. Now, if I have seen that password that many times, you can guarantee the bad guys have it in their password lists that they use to try to gain access to a typical web site.

Password lists are files which contain strings of common usernames and passwords.  They then import this list into a specialized application which is programmed to look for web sites to hack. A modern way of doing this is with a large number of previously infected private computers called “bot nets.” These bot nets are remote controlled by a single hacker. The bot nets are able to attack a single site from lots of different IP addresses (the hacked computers), reducing the chances of it being discovered and blocked by the server’s firewall. Conversely, a single IP address that continuously fails to login, would be easily to discover and would be blocked fairly quickly. Continue reading

Domain Backordering

15881201596_c15886e61b_b

Imagine you’ve found the perfect domain name. It’s catchy. It’s fun. It’s easy to remember. Unfortunately, it’s also taken. So long as the current user continues to renew, the domain is off the table. However, many websites fail or the users simply move on to new pursuits. Just think of the all the blogs, forums, gaming sites, and business pages that have disappeared over the years. The problem is that you have no idea when or if the domain will become available. Fortunately, your domain registration company may offer domain backordering services. Domain backordering allows potential buyers to put money down now for the chance to purchase the domain name in the future.

Continue reading