Passwords: the weakest link in WordPress security

Brennen Byrne's talk on passwords at WordCamp Minneapolis.

Passwords: the weakest link in WordPress security Presentation Transcript

  • 1. p4sSw0rd5: the weakest link in wordpress security @brennenbyrne
  • 2. this talk is about security
  • 3. a lot of people think security is hard
  • 4. a lot of people think security is hard, confusing
  • 5. a lot of people think security is hard, confusing, complicated
  • 6. a lot of people think security is hard, confusing, complicated, technical, impossible, frustrating, not for you, painful, infuriating
  • 7. but we all know that it’s important
  • 8. but we all know that it’s important and my job is to make it easy
  • 9. hello, my name is brennen (@brennenbyrne)
  • 10. I’m a founder of Clef (getclef.com)
  • 11. for the next 30 mins ★ botnets ★ two-factor authentication ★ ssl ★ password rot ★ what you can do
  • 12. getclef.com/wcmpls2014 getclef.com/wordpress-security-checklist slides
  • 13. p4sSw0rd5: the weakest link in wordpress security
  • 14. I don’t mean to scare you, but there is a zombie army coming for your WordPress site.
  • 15. the old way to break a password
  • 16. 1. virus that watches you type 2. guess common passwords 3. “advanced interrogation”
  • 17. in order to defend myself
  • 18. 1. don’t download viruses 2. limit wrong guesses 3. don’t anger enemy nation-states
  • 19. but attackers have gotten smarter
  • 20. botnets
  • 21. botnets are what happens to you when other people download viruses
  • 22. their computers become zombies
  • 23. sites infect visitors’ computers / botnets attack sites / visitors join botnet / bigger botnet attacks more sites
  • 24. botnets swarm and attack your site from millions of different computers
  • 25. 1. don’t download viruses 2. limit wrong guesses 3. don’t anger enemy nation-states
  • 26. botnets are the attackers’ response to our better defenses; as wordpress becomes a better target, the incentives for breaking it rise
  • 27. two-factor
  • 28. the factors: something you know
  • 29. the factors: something you know, something you have
  • 30. the factors: something you know, something you have, something you are
  • 31. the only thing better than one factor of authentication is… two factors
  • 32. the old way of doing this meant: 1. typing your password 2. getting a text with a bunch of numbers 3. typing in the bunch of numbers (google authenticator)
  • 33. clef, the plugin i work on, skips the password to make two-factor much easier.
  • 34. ssl
  • 35. if you want to learn more about this, go see jesse’s crypto-101 at 3
  • 36. for most of us, ssl might as well stand for secure symbol lock; it actually stands for “secure socket layer”
  • 37. without ssl, everything is public: only do stuff you wouldn’t mind standing on a table and yelling about in a coffee shop, i.e. no passwords or credit cards
  • 38. password rot
  • 39. your password is strongest on the day you set it
  • 40. your password is strongest on the day you set it; it gets weaker every day after that
  • 41. 1. more time for attacker to crack 2. more computer power available 3. greater chance you’ve reused
  • 42. passwords pit our memories against computer brute force: we are going to lose
  • 43. what to do
  • 44. one weird trick to protect your site from all attacks
  • 45. delete it.
  • 46. use two factor for admin; otherwise install bruteprotect and cloak; read wordpress security checklist: getclef.com/wordpress-security-checklist
  • 47. getclef.com/wcmpls2014 getclef.com/wordpress-security-checklist slides
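
Slides 24 to 26 say that botnets are the answer to "limit wrong guesses". The added example below (not from the talk or from any plugin it names) replays constructed failed-login events through a limiter keyed on source IP and one keyed on username, to show which one a distributed guesser slips past. The function names, the limit of 5 and the 300-second window are assumptions.

```python
from collections import defaultdict, deque

LIMIT, WINDOW = 5, 300  # assumed policy: 5 failures per 300 seconds


def blocked_attempts(events, key, limit=LIMIT, window=WINDOW):
    """Count login attempts refused by a sliding-window limiter.

    events: (timestamp_seconds, source_ip, username) tuples, all wrong guesses.
    key:    "ip" or "user", the attribute failures are counted against.
    """
    recent = defaultdict(deque)  # key value -> timestamps of counted failures
    blocked = 0
    for ts, ip, user in sorted(events):
        q = recent[ip if key == "ip" else user]
        while q and ts - q[0] >= window:
            q.popleft()              # forget failures older than the window
        if len(q) >= limit:
            blocked += 1             # refused before the password is checked
        else:
            q.append(ts)             # guess was evaluated and failed
    return blocked


def single_host_events():
    """Constructed sample: one machine sends 20 guesses at 'admin'."""
    return [(t, "203.0.113.7", "admin") for t in range(20)]


def botnet_events():
    """Constructed sample: 100 machines send 3 guesses each at 'admin',
    so every source stays under the per-IP limit."""
    return [(t, f"198.18.0.{t % 100 + 1}", "admin") for t in range(300)]


def compare():
    """Blocked-attempt counts per scenario and limiter key."""
    return {
        (name, key): blocked_attempts(events, key)
        for name, events in (("single", single_host_events()),
                             ("botnet", botnet_events()))
        for key in ("ip", "user")
    }


if __name__ == "__main__":
    for (name, key), n in compare().items():
        print(f"{name:6} keyed on {key:4}: {n} attempts blocked")
```

Keying on the username stops the distributed guesses, but it also delays the legitimate user for as long as the attack keeps the counter full.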