In short – YES! For starters, consider the following:
Here’s an example of how long it will take a hacker to hack a sample password (similar to what you may be using right now)
child — can be hacked instantly! <<–See that? INSTANTLY!!!!!
child00 — can be hacked in 19 seconds
childname — can be hacked in 22 minutes
ChilD$n@mE— can be hacked in 14 Years
ChilD$n@mE2013– can be hacked in 2 BILLION Years.
Thi$isAnEx@Mple0fAP@$$Phr@ze — Can be hacked in 525 Decillion years (that’s a 525 with 33 zeros after it)
Use upper case, lower case, symbols and Numbers for a practically uncrackable password. When it comes to passwords, think more in line with “pass-phrases” then passwords.
How safe is your password? find out: http://howsecureismypassword.net/
Now read on…..
Have you ever thought, “No one will try to hack into my little ole’ site”?
If so, pay attention. Hackers don’t actually go to your site and say, “Hmmm, I think I will sit here and hack into this one for a while”. Hackers use automated systems to hack into any site they can. Their tools automatically scan the Internet for open ports and security holes to your website. When they find one, they try to exploit it. Here is a screenshot of my log taken from just 90 minutes.
For anyone who has a website that you “login” to, there’s a BIG, obvious hole right there. If your username is “Admin”, you’ve just given the hacker the first half of the puzzle. So – change it!
Looking closer at the picture, each “lock out” was because the hacker tried 5 times to login using “Admin” for a username, and random common passwords such as people’s names, dates, dictionary words, etc. That’s 90 hack attempts in about 90 minutes. Imagine if I used the default “Admin” for my username, and a common person’s name or date for my password.
But 90 hacks in 90 minutes is nothing! Consider for a moment that my site has an added line of defense that kicks them out for 5 minutes after 5 attempts. If this line of defense wasn’t in place (and most are NOT) they could have tried tens of thousands (to millions) of passwords in 90 minutes. Remember, it’s automated. The hacker was probably asleep, or at least, away from their computer as this was going on. Once their automated system gets into a site, they are notified by some method, and they are free to go in and terrorize your site. They don’t care that your site may just be a small business. They are often just after your server resources. They can hack your site and use it as a platform to go after bigger fish.
So, be serious about security. We can teach your organization how to practice good safety procedures to keep everyone safe, we can test your systems to see how resilient they are, and if you have already been hacked, we can help remediate a hacked site.