Only the Strong Survive
Posted by Matt Johnson | 2007-06-26 18:33:00
There are so many passwords to deal with when you're working on a website. Most have passwords for:
- SSH
- FTP
- Cpanel/Plesk/Some other control panel
- Admin panel for website content, blog, forum, that kind of thing
- Web hosting login for hosting information
- Etc
Something I see a lot is a weak password for Email, FTP, Cpanel/Plesk, and the website admin panel. And then, I see a lot of long ugly (strong) passwords for root and databases. I get this feeling like the web developer doesn't think that a crack on FTP, Cpanel, or the website admin panel is that much of a security risk. Every password you set should be at the same cracking point level ( <- that's a cool phrase). Let me explain...
If your email password is "password", a cracker will walk right into your inbox. From there, he can get the password to just about every forum, blog, social media, etc. site that you ever registered for, since most websites send the new password via email. He could also get your FTP information from the host if he submits a support ticket under your hosting account, which he got into when the password was sent to him. With FTP, he can grab your DB password from one of your config files. Hopefully, the craxor can't get into SSH from his IP.
So all in all, you're only as strong as your weakest password.
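To audit your own accounts for this, here is an added example (not part of the original post) that models the chain above as a graph and computes each password's effective strength: the weakest password that, once cracked, leads to it. The account names, the bit values and the exact edges are assumptions constructed for illustration.

```python
import heapq

# Estimated strength of each password in bits (constructed sample values).
OWN_BITS = {
    "email": 10,          # e.g. a dictionary word like "password"
    "hosting": 40,
    "ftp": 35,
    "site_accounts": 30,  # forum, blog, admin panel logins
    "database": 80,
    "ssh_root": 90,
}

# "Getting into A hands over B", following the chain described in the post.
EXPOSES = {
    "email": ["hosting", "site_accounts"],  # new passwords are sent by email
    "hosting": ["ftp"],                     # support ticket under the account
    "ftp": ["database"],                    # DB password sits in a config file
}

def effective_bits(own_bits, exposes):
    """Return {account: (bits, weakest_link)}: the cheapest password that
    has to be cracked to reach the account, and which account it belongs to."""
    best = {name: (bits, name) for name, bits in own_bits.items()}
    heap = [(bits, name) for name, bits in own_bits.items()]
    heapq.heapify(heap)
    while heap:
        bits, name = heapq.heappop(heap)
        if bits > best[name][0]:
            continue  # stale entry, a cheaper route was already found
        for target in exposes.get(name, ()):
            if bits < best[target][0]:
                # Reaching `name` gives `target` away for free.
                best[target] = (bits, best[name][1])
                heapq.heappush(heap, (bits, target))
    return best

def undermined(own_bits, exposes):
    """Accounts whose own password is stronger than the route leading to them."""
    eff = effective_bits(own_bits, exposes)
    return sorted(n for n, (bits, _) in eff.items() if bits < own_bits[n])

if __name__ == "__main__":
    for name, (bits, via) in effective_bits(OWN_BITS, EXPOSES).items():
        print(f"{name:14} own={OWN_BITS[name]:3} effective={bits:3} via {via}")
```

With these sample values the 80-bit database password is effectively a 10-bit one, because the weak email password sits upstream of it; only SSH, which nothing else exposes, keeps its own strength.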
