So, you want to be a pro do you?

NOTE: This is one of a few occasions where I will post that my readers should, and my students MUST stop and read. So, I’m going to use a label we use on our most important GitHub issues:

I know that network security is such a bother! But, please, read this carefully! Network security begins with the user, and that means you! It also is a primary responsibility of web and other software developers, so that means you! But you may be thinking that you are just a front-end developer, not a full stack expert. Wrong! Yes, the full stack guru needs to be extra trained and vigilant, but like any chain, it is only as strong as the weakest link. Don’t let that be you. The end user is a link to. So, that is where we are going to start.

This is just the first installment of a major section that we will add to this training site. So, settle in and pay attention. There will be a call to action at the end of this and every security post.

Security Lesson #1 – passwords

Why passwords are important:

We all have so many online accounts and almost all of them require usernames and passwords. In the password vault I share with my wife Mary, we have 692 passwords!! But, we have all been advised that it is important to have good passwords to keep our digital lives secure.

Think of the types of accounts that you might have:

  • Social media accounts (Facebook, Twitter er X, Instagram)
  • Email account (**@gm***.com)
  • Online shopping (Amazon.com)
  • Online banking (checking account, PayPal, credit card)
  • Freelancing profile (Upwork.com)
  • Software repositories (GitHub.com)
  • Smart phone
  • Personal computer
  • Work account

Just think if those were not password protected. You might think that some of those accounts are not that important because you don’t have anything terribly valuable. But consider that thieves and hackers don’t know that you don’t have anything valuable. They just hack and if they get in they look for valuables. But, many hackers are not looking for valuables, they are looking to cause trouble.

Is your social media presence valuable to you? What if your account were hacked and a malicious person decides to post nasty things while posing as you? What would that do to your relationships and social trust? What if your work account was hacked and your companies private information was stolen or damaged? Even if you don’t control any valuable information (not likely), if a hacker gets in your login account they can use that to launch a cyber attack on many sites. Many hosting services will quickly detect such an attack and their response is to simply shut down the machine. Now, you and your co-workers can’t login to work the next day, and maybe the day after. Not good.

Consider that list and you decide what the value is on just five of those accounts.

What makes a good or bad password?

Now, open a separate browser window or tab on this: https://www.passwordmonster.com

In that page, you can type in the passwords that protect your privacy. Pay attention to the “Time to crack your password:”

Now, go read this article: https://www.techopedia.com/password-manager/the-most-common-passwords-weakest-passwords

Where to store your passwords?

Assuming that you have now created some great passwords, you may realize that you are NOT going to be able to remember them. Please don’t write it on a sticky note on your keyboard!! (I’ve seen it done!). The previous article mentioned several good password vault programs. I personally use 1Password. It’s been around for years and is cross platform. My wife and I share an account and it synchronizes to all of our devices and operating systems. It uses biometrics where supported.

Good password managers also contain a feature that checks the security of your passwords. 1Password calls that feature ‘Watchtower’. With one click it checks all of my passwords. It evaluates:

  • The strength of each password
  • checks for passwords used for multiple sites (very bad idea)
  • websites which are known to have been compromised (your password is at risk)
  • unsecured websites (http:// rather than https://) More about this soon…
  • sites that offer two-factor authentication that you are not using but should
  • sites that support Passkeys (much more secure than even two-factor)

However, you often need your passwords handy in your web browser and your ssh terminal program. 1Password (and others) have plugins to most browsers so it is at the ready to plugin your password when a sites prompts you to login. I also recommend an ssh (and sftp) program called Termius that has a password vault built in. Once I have unlocked Termius and connect to a site, it automatically retrieves the username and password from its vault.

Call to action:

You should have followed each link and chosen your five most important passwords.

  • How strong were they?
  • How long would it take to crack them?
  • Did you decide to change them?
  • Where did you store the new better password?
  • Have you considered a password manager?
  • How secure are your accounts now?

If you are one of my students, you MUST leave a comment on this post and answer each of those questions. I would be interested any any other comments as well.

8 thoughts on “So, you want to be a pro do you?”

  1. This article is very beneficial for me, all my passwords can be cracked in less than 5 hours. only one is at 8 months and another at 46 years. And the biggest problem is that these passwords are repeated across multiple accounts.
    I have just discovered in this article that the criterion of making a better password is to mix capital letters, lowercase, numbers and special characters. I’ve already started to change them.
    In the near future I will take care of subscribing to a password manager.

  2. Thank you very much for sharing this very, very important advice which allows us to secure our accounts by choosing the best passwords. personally I learned how vulnerable my accounts were because I was using passwords that were easy to crack but thanks to these tips I was able to strengthen my security, my passwords and use Nordpass as my account manager.

  3. This is a great reminder about the importance of strong passwords! I recently tested the strength of my top 5 passwords using this reliable tool, and I’m happy to report they’re all very strong.

    To further improve my security, I’m planning to build a small JavaScript application to manage my passwords. While I understand the potential risks of storing passwords directly, I’m considering using Firebase to manage them securely. I’ll definitely do my research to ensure proper encryption and best practices are followed before implementation.

    Thanks for the informative article!

  4. Firstly, this post is extremely insightful on the topic of security. By reading it carefully, I realize the importance of following these recommendations to the letter.

    After conducting some tests, I found that most of my passwords have a good score and are difficult to decipher. However, one vulnerability was that I sometimes used the same password across multiple platforms. Thanks to this post, I have changed this habit to enhance my digital security.
    Although most Password Managers are paid, I could choose one that will be useful to me

  5. This post emphasizes the critical importance of network security, starting with strong password practices. He explains that even if you consider yourself a front-end developer, you play a crucial role in maintaining security.

    Key Points from the Post:

    Password Importance:

    Passwords protect a wide array of accounts, including social media, email, online banking, and work accounts.
    Even seemingly unimportant accounts can be targets for hackers.
    Password Strength:

    Use tools like Password Monster to check password strength.
    Avoid common or weak passwords as detailed in Techopedia’s article.
    Password Storage:

    Use password managers like 1Password, which offer features like synchronization across devices and security checks.
    Avoid writing passwords on physical notes.
    Call to Action:

    Evaluate and strengthen your five most important passwords.
    Consider using a password manager to store them securely.
    Reflect on the security of your accounts and make necessary changes.
    Michael requires us as his students to follow the advice and comment on the post with their findings, ensuring engagement and practical application of the lesson.

  6. Thank you for the important lesson on security.
    The importance of security measures must be thought in communities like this ones. In today’s digital age, it is crucial to prioritize security in every aspect of our lives, from personal privacy to online transactions. This post serves as a valuable reminder to always be vigilant and proactive in safeguarding our information and assets. I found my password were very very well composed to protected my accounts and it may cost about 57 millions of year to crack them. I used different password for my accounts the same style i mean except for 2 and i’m gonna change that and also look for a free password manager .

  7. Thank you for this post on passwords. Though we have talked about password security a lot before, this post and the links to the password cracker and how to have more secure passwords were very insightful. I’m definitely going to check out my password strength more often on our password manager and add some multi-factor authentication measures to important log in sites.

Leave a Reply

Your email address will not be published. Required fields are marked *

Discover more from MichaelKentBurns

Subscribe now to keep reading and get access to the full archive.

Continue reading