Have a Look At The Top 25 Most Common Passwords Of 2019:
123456
123456789
qwerty
12345678
111111
1234567890
1234567
password
123123
987654321
qwertyuiop
mynoob
123321
18atcskd2w
7777777
1q2w3e4r
654321
555555
3rjs1la7qe
1q2w3e4r5t
123qwe
zxcvbnm
1q2w3e
666666
Are you using any of these? How about passwords on sticky notes? Does your router have the default account and password?
1.) How long is your password?
2.) Do you follow: Upper, Lower, Number, Special character methods?
My next PHP project is to write a password testing app and a password generator app. I might learn some Python with it too.
1.) 12 characters minimum
2.) 2 upper case minimum
3.) 2 lower case minimum
4.) 2 numbers minimum
5.) 2 special characters minimum
6.) No repeating characters allowed
I want to test those 25 above too. Most will fail on the minimum of 12 characters. I wonder if I should check whether they are used inside the 12 characters?
Still a work in progress. So far the arrays are created.
#!/usr/bin/python
# This program will verify your password meets the following criteria:
# 2 or more lower case consonants
# 2 or more lower case vowels
# 2 or more upper case consonants
# 2 or more upper case vowels
# 2 or more numbers
# I will add a check to make sure the top 25 list is not included in the password as part of it.
# minimum of 12 characters
def main():
    # creates arrays of lower consonants and upper consonants
    lower_con = ['b','c','d','f','g','h','j','k','l','m','n','p','q','r','s','t','v','w','x','y','z']
    upper_con = [element.upper() for element in lower_con]
    # creates arrays of lower vowels and upper vowels
    lower_vowel = ['a','e','i','o','u']
    upper_vowel = [element.upper() for element in lower_vowel]
    # array of integers
    numbers = [0,1,2,3,4,5,6,7,8,9]
    # array of special characters (the list was cut off in the original post after '#')
    special_char = ['`','~','!','#']
    # the checks are still to be written; for now echo the arrays that were built
    # (the bare "; lower_con" expressions in the draft do nothing in a script)
    print(lower_con, upper_con, lower_vowel, upper_vowel, numbers, special_char)

if __name__ == '__main__':
    main()
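A complete checker for the six rules listed above, plus the substring check against the common-password list, as an added example (not the author's work-in-progress script). It assumes "no repeating characters" is read literally (no character may be used twice), that "special character" means ASCII punctuation, and that the common-password match is case-insensitive; the function names are my own.

```python
import string

# The top-25 list from the post above, embedded here so the example runs offline.
COMMON_PASSWORDS = [
    "123456", "123456789", "qwerty", "12345678", "111111", "1234567890",
    "1234567", "password", "123123", "987654321", "qwertyuiop", "mynoob",
    "123321", "18atcskd2w", "7777777", "1q2w3e4r", "654321", "555555",
    "3rjs1la7qe", "1q2w3e4r5t", "123qwe", "zxcvbnm", "1q2w3e", "666666",
]


def contains_common_password(password):
    """Return the first common password found inside `password` (case-insensitive), else None."""
    lowered = password.lower()
    for common in COMMON_PASSWORDS:
        if common in lowered:
            return common
    return None


def check_password(password):
    """Apply the post's rules; return the list of failed rules (empty list means it passes)."""
    failures = []
    if len(password) < 12:
        failures.append("fewer than 12 characters")
    if sum(c.isupper() for c in password) < 2:
        failures.append("fewer than 2 upper case letters")
    if sum(c.islower() for c in password) < 2:
        failures.append("fewer than 2 lower case letters")
    if sum(c.isdigit() for c in password) < 2:
        failures.append("fewer than 2 numbers")
    if sum(c in string.punctuation for c in password) < 2:
        failures.append("fewer than 2 special characters")
    # "No repeating characters" read literally: every character may appear only once.
    if len(set(password)) != len(password):
        failures.append("repeated character")
    hit = contains_common_password(password)
    if hit is not None:
        failures.append("contains common password '%s'" % hit)
    return failures


if __name__ == "__main__":
    # Constructed sample inputs: one that passes and two that fail.
    for candidate in ("Qw!7Xz#4Ky&9", "Xy7#Pa123456$Kq", "password"):
        print(candidate, "->", check_password(candidate) or "OK")
```

Running it shows that every entry of the top-25 list fails on length alone, and that the substring check still catches a long password built around one of them.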
Do you have a separate syslog server logging your firewall? How about your applications and services?
WordPress
HTTPS with certificates is obvious.
1. My WordPress page has a link to salting the wp-admin.
2. I use an include statement to move the wp-admin off the web site folders.
3. I installed a Fortinet 60E firewall and Access Point with IPS, DoS, and WAF enabled. Basically a hardware firewall is like the deadbolt on your home.
4. I use complex passwords on my SQL account and WP Admin accounts.
5. Disable any account named admin or administrator. Create a new account.
6. .htaccess can be set up to allow access only from certain IP addresses.
7. Are your LAMP components the latest and greatest? Do you use repositories to keep them up to date?
8. Does your Site Health check pass everything? Did you fix all the PHP issues? Theme issues?
Have you enabled two-factor authentication on your stuff?
1. Bank Accounts
My bank allows a one-time two-factor password each time you log in. It sends it to your phone.
2. Credit Card Accounts like Best Buy, Gas station, etc?
3. iLO and administration of hardware like routers, firewalls, etc.
This can be hit or miss. Fortinet does it.
4. Office 365 and other web accounts like email accounts?
This can be tedious to use.