SCSIraidGURU’s World

Have a Look At The Top 25 Most Common Passwords Of 2019:

123456123456789

qwerty

12345678

111111

1234567890

1234567

password

123123

987654321

qwertyuiop

mynoob

123321

 

18atcskd2w

7777777

1q2w3e4r

654321

555555

3rjs1la7qe

google

1q2w3e4r5t

123qwe

zxcvbnm

1q2w3e

666666

Are you using any of these?  How about passwords on sticky notes?  Does your router have the default account and password? 

1.) How long is your password? 
2.) Do you follow: Upper, Lower, Number, Special character methods?

My next php project is write a password testing app and password generator app.  I might learn some python with it too.  
1.) 12 characters minimum
2.) 2 upper case minimum
3.) 2 lower case minimum
4.) 2 numbers minimum
5.) 2 special character minimum
6.) No repeating characters allowed

I want to test those 25 above too.  Most will fail on minimum of 12 character.  I wonder if I should check to see if they are used inside the 12 characters? 

Still a work in progress.  So far the arrays are created.

#!/usr/bin/python

# This program will verify your password is the following criteria
# 2 or more lower case consonants
# 2 or more lower case vowels
# 2 or more upper case consonants
# 2 or more upper case vowels
# 2 or more numbers

# I will add a check to make sure the top 25 list is not included in the password as part of it. 
# minimum of 12 characters

def main():
# creates arrays of lower consanents and upper consanents
lower_con = [‘b’,’c’,’d’,’f’,’g’,’h’,’j’,’k’,’l’,’m’,’n’,’p’,’q’,’r’,’s’,’t’,’v’,’w’,’x’,’y’,’z’] ; lower_con
upper_con = [element.upper() for element in lower_con] ; upper_con

# creates arrays of lower vowels and upper vowels
lower_vowel = [‘a’,’e’,’i’,’o’,’u’] ; lower_vowel
upper_vowel = [element.upper() for element in lower_vowel] ; upper_vowel

# array of integers
numbers = [0,1,2,3,4,5,6,7,8,9]

# array of special characters
special_char = [‘`’,’~’,’!’,’#’,’$’,’%’,’^’,’&’,’*’,'(‘,’)’,’-‘,’=’,’+’,’:’,’;’,’?’,’@’,'<‘,’>’,’_’,’/’,’|’]

if __name__==’__main__’:
main() 

Do you have a separate Syslog logging your firewall?   How about your applications and services? 

WordPress

https with certificates is obvious

1. My WordPress page has a link to salting the wp-admin.
2. I use an include statement to move the wp-admin off the web site folders
3.  I installed a Fortinet 60E firewall and Access Point with IPS, DoS, and WAF enabled.  Basically a hardware firewall is like the dead bolt on your home.
4. I use complex passwords on my SQL account and WP Admin accounts
5. Disable any account named admin or administrator.  Create a new account.
6. .htaccess can be setup to only require certain ip address for access.
7. Are your LAMP components the latest and greatest.  Do you use repositories to keep them up to date.
8. Does your Health Site check pass everything?  Did you fix all the php issues? Theme issues?

Have you enabled 2 factor authentication on your stuff?

1. Bank Accounts
My bank allowed one time 2 factor password each time you log in.  It sends it to your phone.

2. Credit Card Accounts like Best Buy, Gas station, etc?

3. iLo and administration of hardware like routers, firewalls, etc.
This can be hit or miss.  Fortinet does it.

4. Office 365 and other web accounts like email accounts?
This can be tedious to use. 

Close Menu