General Password Tips & 2 Factor Authentication for WordPress
http://arstechnica.com/security/2013/05/how-crackers-make-minced-meat-out-of-your-passwords/
Purpose-built password cracking machine cluster.
Capable of 350 billion password guesses per second.
95^8 (6.6 thousand trillion) combinations in 5.5 hours
http://passwords12.at.ifi.uio.no/Jeremi_Gosney_Password_Cracking_HPC_Passwords12.pdf
Dec 14, 2009 – Rockyou data breach exposes
32 MILLION user accounts and passwords
April 2013 – “Yahoo email accounts have
been hacked for the fourth time in as
many months”
http://siliconangle.com/blog/2013/04/30/yahoo-mail-hacked-again-serious-questions-raised-about-its-ability-to-protect-users/
These, and many more examples like them, mean you need to begin using a higher
level of security for everyday tasks.
What would you do if you received this email
from your WordPress site's security plug-in?
What prompted me to create this document?
I have recently been helping a customer recover from a public domain email hack
- see my article LINK: “2 Factor Authentication – why everyone needs it.” for more information.
I received the pasted email from a security plug-in of one of the sites I administer,
which shows that attempts were made from a Russian Federation IP address to
compromise the site administration console.
As described in the article:
LINK: "Anatomy of a hack"
Your bare minimum defence is a STRONG password:
● Minimum of 11 characters
● Upper- and lower-case letters, numbers, and symbols
● No pattern-based passwords, e.g. qwerty12345, P@as$w0rd4321, lastnamefirstname, etc.
So what can you do? Part 1
● Utilise a password manager.
● Some good considerations and examples are given here: LINK "Which Password Manager"
● A very comprehensive comparison of 25 popular password managers is here: LINK "Password managers"
● Secure the password manager.
● “Do what cryptographers do: use a passphrase.”
● Go to LINK "diceware" and follow the instructions there for generating a near*
foolproof passphrase.
● *Nothing is ever absolutely secure.
So what can you do? Part 2
● Those takeaways again:
● Don't try to be password clever - the only thing that works is random.
● Use a computer to achieve a truly random password.
● Use a secure password manager to manage your passwords.
● Secure your password manager with the cryptographer-approved
method of generating the only passphrase that you will actually need to
remember.
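The two ideas above, "use a computer to achieve a truly random password" and the Diceware passphrase, come down to one thing: pick every symbol or word uniformly at random with a cryptographic random source, then count the resulting search space. The following Python example is added here and is not from the presentation or from Askkiz. It generates a random password and a Diceware-style passphrase with the `secrets` module, and puts the opening slide's numbers into arithmetic: 95^8 combinations (assumed to mean the 95 printable ASCII characters) against the quoted 350 billion guesses per second. The eight-word list is a constructed stand-in for the real Diceware list, which has 7776 (6^5) words; that figure, the function names and the 94-character alphabet (printable ASCII without the space) are my additions.

```python
import math
import secrets
import string

# Guess rate quoted on the opening slide for the purpose-built cracking cluster.
GUESSES_PER_SECOND = 350_000_000_000

# Letters, digits and punctuation: 94 symbols. The slide's 95 also counts the space.
PRINTABLE = string.ascii_letters + string.digits + string.punctuation

# Constructed sample list; a real Diceware list has 7776 entries (five dice, 6^5 rolls).
SAMPLE_WORDS = ["apple", "basket", "cobalt", "dune", "ember", "falcon", "granite", "harbor"]
DICEWARE_LIST_SIZE = 7776


def combinations(alphabet_size, length):
    """Number of distinct passwords of exactly `length` symbols over the alphabet."""
    return alphabet_size ** length


def entropy_bits(alphabet_size, length):
    """Bits of entropy of a uniformly random choice from that space."""
    return length * math.log2(alphabet_size)


def hours_to_exhaust(alphabet_size, length, rate=GUESSES_PER_SECOND):
    """Hours for `rate` guesses per second to try every combination."""
    return combinations(alphabet_size, length) / rate / 3600


def random_password(length=11, alphabet=PRINTABLE):
    # secrets, not random: a CSPRNG, so the result is genuinely unpredictable.
    return "".join(secrets.choice(alphabet) for _ in range(length))


def diceware_passphrase(n_words=6, words=SAMPLE_WORDS):
    # Diceware picks each word uniformly (five dice per word); secrets.choice is the
    # same uniform pick, made by the computer instead of by hand.
    return " ".join(secrets.choice(words) for _ in range(n_words))


if __name__ == "__main__":
    print("95^8 combinations:", combinations(95, 8))
    print("hours to exhaust at 350 billion/s: %.1f" % hours_to_exhaust(95, 8))
    print("11-char random password: %s (%.1f bits, %.0f hours to exhaust)"
          % (random_password(), entropy_bits(94, 11), hours_to_exhaust(94, 11)))
    print("6-word Diceware passphrase from a 7776-word list: %.1f bits"
          % entropy_bits(DICEWARE_LIST_SIZE, 6))
    print("demo passphrase from the 8-word sample list:", diceware_passphrase())
```

Running it reproduces the slide's figure (95^8 is exhausted in about 5.3 hours at that rate), and shows why the 11-character minimum matters: the same cluster needs millions of hours for 11 random printable characters. Note that the eight-word sample list gives only 18 bits for six words; the strength of Diceware comes entirely from the size of the real list, which is why the instructions on the linked page tell you to use it rather than a list you make up.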
So what can you do?
AND! Utilise the growing number of freely available 2 factor authentication devices.
The remainder of this presentation will guide you, step by step, through
configuring 2 factor authentication in your WORDPRESS site(s).
In this example, I use:
The WordPress plugin – Google Authenticator
&
The Android app – Google Authenticator.
These are by no means the be-all and end-all components to use, but they
are easy, which is always a big advantage.
1st - let's set up WordPress!
30 May, 2013 © 2013 Askkiz 8
SETUP IN WORDPRESS
Select the users to which the 2-factor authentication
will apply. Ideally any user with the ability to modify
your site, posts and settings
This is the description that will appear on your phone
You will eventually scan this with your phone
As mentioned previously, there are a number of apps available to enable the
use of 2 factor authentication.
This presentation uses “Google Authenticator”.
Below are the locations where it is available for iPhone, iPad and all Android devices:
https://itunes.apple.com/us/app/google-authenticator/id388497605
https://play.google.com/store/apps/details?id=com.google.android.apps.authenticator2
SMARTPHONE SETUP
The Google Authenticator app is available on Android and iPhone
The next time you sign into your WordPress site, you will be
presented with this slightly modified Log In screen.
Take this number and put it in the box.
I trust this presentation has been enlightening, helpful and informative.
For assistance setting this up, and any other advice on securing
your digital environment, contact me directly.
● IT Security
● Cloud Services
● Social Media Governance, Risk, Compliance & Security
Kieran Cook
Owner / CEO Askkiz
office@askkiz.com.au
facebook.com/askkiz.au
linkedin.com.au/company/askkiz
