Earlier this week, there was a small earthquake reported east of Melbourne, in the area around Parts Unknown. A magnitude 2.7 tremor, according to seismologists.
Residents in surrounding districts report hearing a frightening sound, akin to an explosive going off or a freight train derailing. The earth trembled and houses shook, local residents said.
Just moments earlier, your usually calm Taskmaster was speaking to a local small business owner about his website. For the purposes of this discussion, we’ll call the website owner Steve.
Now, Steve was logging in to the back end of his business’ website when your humble correspondent noticed something rather peculiar. Steve entered his username, copied it, then pasted it into the password field and hit enter.
Old Taskmaster was stunned. Surely Steve was aware that one of the first things a hacker generally tries when attempting to illegally access a website is entering a user’s username as their password?
“I’m very forgetful when it comes to passwords. It’s just far easier just to use my username as a password, that way I won’t get locked out,” Steve explained.
When asked if all his staff were as lax with their accounts, Steve gave another jaw-dropper.
“My staff don’t have their own accounts. We all share the same account. It’s too much hassle. When they leave my company, I just trust they’ll all do the right thing and not access my site.”
Now, your humble correspondent has been known to hold an opinion or two and is not often shy about voicing them. But what happened next brought an air of stunned silence to the room.
In the back end of Steve’s poorly secured website was a database for his online store. This database contained names, addresses and phone numbers sitting there in plain text.
That’s right. Not encrypted. Not salted. Not hashed. Plain text.
Upon seeing this, Old Taskmaster fumed. Windows rattled. The earth shook. A loud noise akin to an explosive going off or a freight train derailing was heard across the district. The earth quaked and houses shook, local residents said.
Now, have you got the basics of web security right? In this day and age, can you afford to take a lax attitude to passwords or logins? Is sensitive customer information, such as passwords or addresses, properly encrypted on your site?
If not, you need to get in touch with your IT guys straight away. No online security is foolproof, but anything is better than leaving your front door open to would-be attackers.
But it’s not hackers you need to fear – you’ve heard that line 100 times and you still have a weak password. No, what you really need to fear is the scorn of an angry Taskmaster!
Get it done – today!