1. Forget passwords, use a passphrase. Example: IL!ve^^BeAc6Hou5es (I live in beach houses)
2. Mix in capital and small letters, symbols and numbers, e.g. 25152$%^@!(*mnHwsIapWQRT. Note: even this can be cracked with today's computing power. Hence,
3. Use 2-factor verification (Google/Microsoft Authenticator, email, or a phone notification) during sign-in.
4. If you are a developer, use a honeypot, reCAPTCHA and other human tests to stop bots and brute-force attacks.
Follow Kevin Mitnick’s Recommendations

Bonus Tip #1

If you are using a third-party computer to access your accounts, always use 'incognito/private mode' so that your passwords don't accidentally get saved.

Bonus Tip #2 & #3

Use a password manager to manage your passwords, for example LastPass, Bitwarden and so forth.

LastPass is a smart way to share your passwords with freelancers, agents and coworkers. If you are a business owner or an entrepreneur who works with freelancers on a regular basis, LastPass is a no-brainer.

Bonus Tips for Developers

Online bots look for default website login pages (such as 'example.com/wp-admin' on WordPress sites), so I recommend changing the slug (URL) of the default login/register page. Example:

In less than 2 months, a new site with the default settings received these attacks.
In 6-8 months after changing the slug, only 788 attempts, because the login page was not easy for bots to guess.

This method not only saves bandwidth but also keeps your site more secure. If you add 2-factor verification, stronger passwords and reCAPTCHA on top, you will have a pretty well-protected website.

Another way to secure a web application or website is to deploy a Web Application Firewall (WAF), which saves bandwidth and keeps bots and hackers away. Examples: Cloudflare and Sucuri; they also come with DDoS (distributed denial-of-service) mitigation, malware scanning and removal.

To secure things further, you can also enable DNSSEC (Domain Name System Security Extensions) on your domain.

And to go the extra mile, add 'security headers' such as:

  • HTTP Strict Transport Security (HSTS) is an excellent feature to support on your site; it strengthens your TLS deployment by getting the user agent to enforce the use of HTTPS.
  • Content Security Policy (CSP) is an effective measure to protect your site from XSS attacks. By whitelisting the sources of approved content, you can prevent the browser from loading malicious assets.
  • X-Frame-Options tells the browser whether you want to allow your site to be framed or not. By preventing a browser from framing your site you can defend against attacks like clickjacking. Recommended value: "X-Frame-Options: SAMEORIGIN".
  • Referrer-Policy is a new header that allows a site to control how much information the browser includes with navigations away from a document; it should be set by all sites.
  • X-Content-Type-Options stops a browser from trying to MIME-sniff the content type and forces it to stick with the declared Content-Type. The only valid value for this header is "X-Content-Type-Options: nosniff".
  • Feature-Policy is a new header that allows a site to control which features and APIs can be used in the browser.
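A quick way to check whether a site actually sends the six headers listed above is to audit its response headers. The following is an added example written for this post, not code from the original; the response headers in it are a constructed sample, and the accepted values follow the recommendations in the list.

```python
# Audit an HTTP response's security headers against the six headers
# recommended above. Header names are case-insensitive, so everything is
# normalised to lower case before comparison.
from typing import Dict, List, Optional, Set

# None means "any non-empty value is accepted"; a set lists the accepted values.
REQUIRED: Dict[str, Optional[Set[str]]] = {
    "strict-transport-security": None,           # any HSTS policy counts
    "content-security-policy": None,             # any CSP counts
    "x-frame-options": {"sameorigin", "deny"},   # post recommends SAMEORIGIN
    "referrer-policy": None,
    "x-content-type-options": {"nosniff"},       # the only valid value
    "feature-policy": None,
}


def audit_security_headers(headers: Dict[str, str]) -> List[str]:
    """Return a list of findings; an empty list means all six headers look right."""
    lower = {name.lower(): value.strip() for name, value in headers.items()}
    findings: List[str] = []
    for name, allowed in REQUIRED.items():
        value = lower.get(name)
        if not value:
            findings.append(f"missing: {name}")
        elif allowed is not None and value.lower() not in allowed:
            findings.append(f"unexpected value: {name}: {value}")
    # An HSTS header without max-age has no effect, so flag it separately.
    hsts = lower.get("strict-transport-security", "")
    if hsts and "max-age=" not in hsts.lower():
        findings.append("strict-transport-security: missing max-age directive")
    return findings


# Constructed sample response: most headers set, but two problems to catch.
SAMPLE_RESPONSE_HEADERS: Dict[str, str] = {
    "Strict-Transport-Security": "max-age=31536000; includeSubDomains",
    "Content-Security-Policy": "default-src 'self'",
    "X-Frame-Options": "ALLOW-FROM https://example.com",  # not SAMEORIGIN/DENY
    "Referrer-Policy": "strict-origin-when-cross-origin",
    "X-Content-Type-Options": "nosniff",
    # Feature-Policy deliberately omitted
}

if __name__ == "__main__":
    for finding in audit_security_headers(SAMPLE_RESPONSE_HEADERS):
        print(finding)
```

Against the sample it reports the non-SAMEORIGIN X-Frame-Options value and the missing Feature-Policy header.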

Some of these may be overkill for a normal site or blog, but when handling clients or big projects, employing these measures will keep the site/app safe and secure.