Recommended
Recommended
More Related Content
Similar to Passwords: the weakest link in WordPress security
Similar to Passwords: the weakest link in WordPress security (12)
Recently uploaded
Recently uploaded (20)
Passwords: the weakest link in WordPress security
- 1. passwords the weakest link in wordpress security @brennenbyrne#wcsea
- 2. this talk is about security @brennenbyrne#wcsea
- 3. a lot of people think security is hard @brennenbyrne#wcsea
- 4. a lot of people think security is hard confusing @brennenbyrne#wcsea
- 5. a lot of people think security is hard confusing complicated @brennenbyrne#wcsea
- 6. a lot of people think security is hard confusing complicated technical impossible frustrating not for you painful infuriating @brennenbyrne#wcsea
- 7. but we all know that it’s important @brennenbyrne#wcsea
- 8. but we all know that it’s important and my job is to make it easy @brennenbyrne#wcsea
- 9. hello, my name is brennen (@brennenbyrne) @brennenbyrne#wcsea
- 10. I’m a founder of Clef (getclef.com) @brennenbyrne#wcsea
- 11. for the next 30 mins ★ zombie army ★ two step (logins) ★ ssl ★ password rot ★ what you can do @brennenbyrne#wcsea
- 13. passwords “The weakest link in the security of anything you do online is your password.” @brennenbyrne —vip.wordpress.com/security #wcsea
- 15. it’s time to talk about the zombie army. @brennenbyrne#wcsea
- 16. the old way to break a password @brennenbyrne#wcsea
- 17. 2. guess common passwords 1. virus that watches you type 3. “advanced interrogation” @brennenbyrne#wcsea
- 18. in order to defend myself @brennenbyrne#wcsea
- 19. 2. limit wrong guesses 1. don’t download viruses 3. don’t anger enemy nation-states @brennenbyrne#wcsea
- 20. but attackers have gotten smarter @brennenbyrne#wcsea
- 22. the zombie army is what happens to you when other people download viruses @brennenbyrne#wcsea
- 24. sites infect visitors’ computers zombies attack sites visitors join zombie army bigger army attacks more sites @brennenbyrne#wcsea
- 25. zombies swarm and attack your site from millions of different computers @brennenbyrne#wcsea
- 26. 2. limit wrong guesses 1. don’t download viruses 3. don’t anger enemy nation-states @brennenbyrne#wcsea
- 27. the zombie army is attackers’ response to our better defenses as wordpress becomes a better target the incentives for breaking it rise @brennenbyrne#wcsea
- 29. something you something you @brennenbyrne the steps know have something you #wcsea
- 30. the old way of doing this meant: ! 1. typing your password 2. getting a text with a bunch of numbers 3. typing in the bunch of numbers ! (google authenticator) @brennenbyrne#wcsea
- 31. @brennenbyrne clef, the plugin i work on, skips the password to make two-factor much easier. #wcsea
- 33. @brennenbyrne ! ssl = safe safe lock *it actually stands for “secure socket layer” #wcsea
- 34. without ssl, everything is public @brennenbyrne only do stuff you wouldn’t mind standing on a table and yelling about in a coffee shop i.e. no passwords or credit cards #wcsea
- 36. @brennenbyrne your password is strongest on the day you set it #wcsea
- 37. 2. more computer power available 1. more time for attacker to crack 3. greater chance you’ve reused @brennenbyrne#wcsea
- 38. passwords pit our memories against computer brute force — we are going to lose @brennenbyrne#wcchi
- 40. @brennenbyrne one weird trick to protect your site from all attacks #wcsea
- 42. use two factor for admin @brennenbyrne otherwise install bruteprotect and cloak read wordpress security checklist getclef.com/wordpress-security-checklist #wcsea