The most recent demonstration of this is the attempted hacking at the British National Lottery, as reported by the BBC. The Lottery claims that the usernames and passwords were not taken from its own systems but were acquired elsewhere and then tried on them.
This is quite possible, as too many people still use the same password for multiple accounts. Such actions make it very easy for hackers to steal their data. If you use the same username and password for five different accounts, the hacker has five times as many opportunities to break your system. You are also then as vulnerable as the weakest system that you use your login on, and you undermine all the security features of the other accounts.
Too many systems use an email and password as the fields required for access. So, with one email address commonly used across all these systems, there is only one password left to guess.
Although WordPress also uses this method of authentication, it is now possible to add a second level of security to your accounts. A variety of plugins offer solutions for the second level of authentication. Clef offers a clever moving graphic which synchronises with your mobile phone to allow you access without needing to type in any code except the PIN for the phone. Google Authenticator will give you a six-figure access PIN to add to your login details in order to gain access.
Many other services are now adding a second level of authentication. These include Google, which warns you when a new system tries to connect to your service, and PayPal, which offers you a chance to add two-factor authentication to its login.
There are a number of applications, including RoboForm, which we use. It helps us create long, complex passwords for each site we need to log into and then remembers them for us behind a master password.
Jobs being offered at GCHQ and a new school on the Bletchley Park grounds suggest that hacking and security is a complicated business. And indeed, at the professional level, it certainly is. However, a quick search on the Internet will bring up a plethora of easy-to-use tools that allow brute-force attacks on websites where users have chosen simple-to-guess passwords.
So, make sure that you use passwords that are very difficult to remember.
- Always take advantage of two-factor authentication where it is offered.
- Never give permission for your credit card details to be stored online.
- Consider using a payment processor like PayPal wherever possible so that you never put your credit card details online at all.
- Always make sure that you change passwords regularly.
- Never enter a sensitive password when you’re on a public network through Wi-Fi.
- Always make sure you have regular backups taken of your WordPress site in case the worst ever happens.
- Don’t gamble with your security. Passwords can be guessed faster than you can check a scratchcard.