[wp-forums] A reason to upgrade

Christopher J. Hradil chradil at comcast.net
Sun Aug 13 18:34:57 GMT 2006


/*snip*/
> it's less to do with changing the name - my blog is 'admin' - 
> and much much more to do with password strength.
> Seen those apps / online facilities that indicate password 
> strength? One of those would be cool...

that's a super cool plugin, I've got a new PHP programmer working for me
pretty much full time, I think I may put him on that as a project during
some of his downtime, I'd do it myself but I'm buried. my (on several sites
we own/operate + over 20 client sites) use 'admin' as well. I've always been
a fan of coming up with a sentence like "my daughter is a cool kid" then
doing something like 4MdiACk23 for a password and strength-wise between the
mixed case and the numbers it's pretty much uncrackable, I've tested
passwords like these
against a number of security tools, and the 'crackers' just run for days,
I'm sure eventually they'd get it, but you're right, the strength of the
password is the real issue. The auto generated ones that WP spits out aren't
so bad in fact, on some of the development servers/boxes which are internet
accessible we just use those because they seem secure enough (although I
guess if someone dug into the WP code, they could reasonably easily reverse
engineer a cracker based on the methods used to generate the passwords).


..c



~~
Christopher J. Hradil
http://hradil.us 


 

> -----Original Message-----
> From: wp-forums-bounces at lists.automattic.com 
> [mailto:wp-forums-bounces at lists.automattic.com] On Behalf Of Podz
> Sent: Sunday, August 13, 2006 12:19 PM
> To: wp-forums at lists.automattic.com
> Subject: Re: [wp-forums] A reason to upgrade
> 
> Christopher J. Hradil wrote:
> > shouldn't we just delete or edit that post so that folks 
> can't go out 
> > and download that thing. you know, many folks don't change their 
> > default install's username....Fill in the blanks.....and hopefully 
> > that thing doesn't work against 2.04-->
> 
> It's a brute force and they have been around for years. And 
> they work against (pretty much) anything. I seem to remember 
> a plugin? from ages ago which might have given 3 chances then 
> emailed the blog owner. I could be mistaken.
> I posted it here simply because it's got the letters W and P 
> in it which could cause people to run to the forums. I think 
> it's less to do with changing the name - my blog is 'admin' - 
> and much much more to do with password strength.
> Seen those apps / online facilities that indicate password 
> strength? One of those would be cool...
> 
> P.
> 


