The issue with website security
As the Internet gets more embedded in our lives, it is important to realize that there are bad people wanting to steal anything they can. Others simply enjoy causing problems for website owners and their visitors. These hackers have stolen information from hundreds of millions of people worldwide.
Thieves use powerful computers and programs called bots (short for “Internet robot”). The easiest entry point for the bots is the log in page. They systematically create and test millions of possible usernames and passwords, hoping to gain access to your information. As they become more sophisticated, website owners and visitors must increase their security.
To keep the Brooks Trading Course site secure, we are tightening the password requirements. Other common alternatives (like sending an authorization code to your phone) are unnecessarily burdensome for you.
Logging in
Main menu log in
As you can see above, members log in through the main menu. After logging in, the phrase Log In toggles to Log Out, as in the picture.
There is no need to log out if you intend to return using the same device (PC/phone/tablet). The system will remember you for 14 days, after which time it will ask you to log in again. Or, if you do not visit site for 3 days (72 hours), you are logged out. When you next visit, the system will prompt you to log back in.
Important: If you do not log out and then try to access site via another device, you may get blocked. The system limits the number of concurrent logged in sessions. This is to prevent the use of stolen or shared passwords.
The system will allow you to be logged in to 2 devices at any one time. This allows a trader to access site from, for example, a desktop and a mobile device at the same time. If you log in from a third device, the system will expire an earlier session. We will phase this feature in by end March 2019.
Backdoor log in
Many of you may be familiar with the standard WordPress log in form (Backdoor Login). This is also where hackers and automated bots attempt to break into a WordPress site. Al is therefore eliminating this backdoor page. You will only be able to log in through main menu.
If you try to log in via the backdoor, you will get a “404 page not found” error message. Simply log in from the top menu on any page of the website.
Passwords
The need for passwords is one of the most annoying aspects of online life. Unfortunately, hackers know that, and they take advantage of our natural preference for easy to remember passwords.
See the list of the 100 most common passwords at bottom. Some of you are probably using something similar. It is important to realize that the hacking bots have lists with millions of common passwords. Please do not make it easy for them to steal your information.
My strong 8 character password is okay, right?
Wrong. A hacker’s computer can quickly test every possible combination of 8 characters.
Don’t ever assume that special characters are enough. For example, !@#$%^&* is #20 in the list below. Anything that is easy to remember is easy for the robots to find.
Here is an excellent up-to-date article from IBM on why 8 character passwords are no longer safe:
The Inconvenient Truth About Your Eight-Character Password
Password length is more important than complexity. Even if you use password generating software to create a complex password, that is not enough. The hackers use supercomputers that can quickly discover a short password.
Conclusion?
Unlike a bank’s site, this site does not hold critical personal financial information. It is therefore not being attacked by the most powerful hacking bots. But, Al now requires a minimum of 12 characters. Ideally you would use MORE than 12 characters. Al and I have passwords with many more than 12 characters. Please use randomized characters and not easy to remember letters or numbers.
Also, many people use the same passwords on all their websites. This is dangerous. Once a hacker discovers your password for one site, he can then try logging into every major financial institution with that information, hoping to find one where you have accounts that he can steal.
Password managers
You should use a password manager to create a unique strong, long password for every site that you access on the Internet.
Here are three reputable choices. All include a strong password generation tool that automatically creates and saves passwords for you.
Typically, you create one master password that lets you open your password manager software. Once on, it automatically enters your user name and password for any site that you saved. This is the easiest, safest way to have different passwords for each site.
Lastpass password generator and website
In addition, here is a review of password managers:
The best password managers – CNET.com
If you do not want to use a password manager, here’s a good reference for how to create a strong password. It includes tips for those who want to make up their own memorable passwords. But, generating and storing passwords in a free password manager is a better choice.
How to create a strong password and remember it
Please remember that a long, complex password is not good enough. If you store it on your computer or phone, you also need to be sure that these are secure as well.
Hacked email addresses and passwords
There are websites where you can check to see if your email addresses and passwords have ever been hacked. If you do find your email address has been hacked, simply change your password to a strong one.
I had this experience last year after a local online bookshop went offline and was hacked. I received a ransomware scam email telling me all sorts of terrible, but fictitious, things they were going to share online if I didn’t send them money. For proof, they supplied the password I had used on the bookseller’s website. But I was not worried because I only used that password for this site alone, and I used an alias email address.
Have I been «pwned» (email or password hacked)?
To see if your email address has been compromised in a data breach, just click on this link and enter your address:
To see if any of your passwords are among the 550 million passwords stolen in data breaches, click on this link and enter your password:
Top 100 bad passwords for 2018
For your review, and hopefully entertainment, here are the top 100 bad passwords from a reliable research source. Review to see how many of you are using any of these, or similar passwords.
100 biteme
99 1992
98 london
97 soccer
99 1992
98 london
97 soccer
96 william
95 querty
94 liverpool
93 pussy
92 admin123
91 whatever
90 dallas
89 hockey
88 test
87 zaq1zaq1
86 1q2w3e
85 aaaaaa
84 killer
83 bandit
82 ashley
81 cookie
80 merlin
79 trustno1
78 1991
77 ranger
76 chelsea
75 banana
74 jennifer
73 1990
72 amanda
71 1989
70 hunter
69 nicole
68 hello
67 maverick
66 blahblah
65 mercedes
64 corvette
63 computer
62 cheese
61 ferrari
60 starwars
59 1qaz2wsx
58 andrea
57 lakers
56 andrew
55 12341234
54 matthew
53 robert
52 1234
51 sophie
50 pepper
49 joshua
48 tigger
47 55555
46 jordan
45 solo
44 abcdef
43 letmein
42 ginger
41 jessica
40 222222
39 harley
38 george
37 summer
36 thomas
35 hannah
34 daniel
33 buster
32 baseball
31 passw0rd
30 shadow
29 freedom
28 bailey
27 121212
26 zxcvbnm
25 qwerty123
24 password1
23 donald
22 aa123456
21 charlie
20 !@$%^&*
19 654321
18 monkey
17 123123
16 football
15 abc123
14 666666
13 welcome
12 admin
11 princess
10 iloveyou
9 qwerty
8 sunshine
7 1234567
6 111111
5 12345
4 12345678
3 123456789
2 password
1 123456