I received the email seen below in this article on Tuesday. It came from a plugin I use for the WordPress websites I create called Limit Login Attempts, which limits the number of times a person can log in to a website AND which also locks their IP address for 24 hours – or whatever value I set – when the person fails at logging in too many times.
I looked up the IP address provided in the email on Whois and found out it comes from somewhere in Russia. The person was using the “admin” username, which is the default username when installing WordPress. Apparently that person was using a “brute force” attack by simply using easily available software that rapidly tries thousands, even hundreds of thousands of commonly used passwords freely available on the internet.
Fortunately, I had entered a unique username when installing WordPress and an uncommon password with a combination of lowercase letters, uppercase letters, numbers and special characters with a total of close to 10 characters. (I use Roboform to remember passwords – an awesome password keeper). However, some of the first websites I made had “admin” as the username (I didn’t know any better at that time). I quickly changed them after getting the email below.
I had read that there are people out there who KNOW that many people use “admin” as the default username and these "bad guys" try to take advantage of the admin usernames. I found out first-hand from the email on the right that they really are out there and that they are actively looking for accounts to hack into.
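The lockout behaviour described above (count failed logins per IP address, then refuse that address for 24 hours) can be sketched as follows. This is an added Python example, not code from the Limit Login Attempts plugin or from this article; the threshold of four failures and the 12-hour counting window are assumptions, and the IP addresses and events are constructed.

```python
from collections import defaultdict

class LoginLimiter:
    """Per-IP failed-login counter with a timed lockout (illustrative only)."""

    def __init__(self, max_failures=4, lockout_seconds=24 * 3600, window_seconds=12 * 3600):
        self.max_failures = max_failures        # assumed; the article gives no number
        self.lockout_seconds = lockout_seconds  # 24 hours, as in the article
        self.window_seconds = window_seconds    # assumed: older failures stop counting
        self.failures = defaultdict(list)       # ip -> [(time, username), ...]
        self.locked_until = {}                  # ip -> time the lockout ends
        self.alerts = []                        # what a notification email would report

    def attempt(self, ip, username, password_ok, now):
        """Process one login attempt; return 'blocked', 'ok', 'failed' or 'locked_out'."""
        if self.locked_until.get(ip, 0) > now:
            return "blocked"                    # refused before any password check
        if password_ok:
            self.failures.pop(ip, None)         # a good login clears the counter
            return "ok"
        recent = [(t, u) for t, u in self.failures[ip] if now - t < self.window_seconds]
        recent.append((now, username))
        self.failures[ip] = recent
        if len(recent) < self.max_failures:
            return "failed"
        self.locked_until[ip] = now + self.lockout_seconds
        self.alerts.append({"ip": ip, "usernames": sorted({u for _, u in recent}),
                            "locked_until": now + self.lockout_seconds})
        del self.failures[ip]                   # counter starts fresh after the lockout
        return "locked_out"


def replay(events, limiter=None):
    """Feed (time, ip, username, password_ok) tuples through a limiter."""
    limiter = limiter or LoginLimiter()
    return [limiter.attempt(ip, user, ok, t) for t, ip, user, ok in events], limiter


# Constructed sample: 203.0.113.7 (documentation range) guesses passwords for "admin".
SAMPLE = [(t, "203.0.113.7", "admin", False) for t in range(0, 6)]
SAMPLE.append((10, "198.51.100.2", "site-owner", True))        # legitimate login elsewhere
SAMPLE.append((24 * 3600 + 3, "203.0.113.7", "admin", False))  # after the lockout expired

if __name__ == "__main__":
    results, limiter = replay(SAMPLE)
    print(results)
    print(limiter.alerts)
```

Note that once the address is locked out, further guesses are rejected without the password being checked at all, which is what makes a long password list useless from a single IP address.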
Not too long ago, when I was using Outlook as my email client, I had forgotten a password for one of my old email accounts and I did not have it recorded in my password keeper. So, I googled “hack outlook password,” found a result with good reviews, downloaded it from CNET, installed it, and was provided on my screen with ALL of my Outlook passwords.
This whole process took less than 5 minutes from start to finish. It made me realize how easily someone could get into my Outlook email accounts if they had my computer. I then switched to Thunderbird, which is more secure with an encrypted master password.
Not too long ago, a friend notified me that she could not get into her computer because her password had been changed by her daughter – who was young and simply thought it would be funny to change her mother’s password. A quick search in Google for “Windows 7 password hack” shows several results. The first result is an article on About.com listing several free tools to crack Windows 7 passwords – and Word docs, PDFs, and zip archives. I used one of the free ones that had many positive results and again, within minutes I was able to get back into her computer. And - it was free. I don't know of a good solution to this one - other than using encryption software for sensitive files on your computer, such as those containing financial information and any other information that could damage you in some way if it became public.
Encrypting passwords is one of the best solutions. Use encryption software for sensitive information on your computer. Don’t use browsers to save passwords. Clean your internet cache regularly. (CCleaner is a great, free tool to do this!) Keep Windows, antivirus, and anti-malware software updated. DO NOT use weak passwords. These are a few, but effective, tips. There are many ways to easily, quickly, and sometimes free-ly protect your computer and information - just ask Google!
This article was originally posted on Barking Bird Media.