General Password Tips &
http://arstechnica.com/security/2013/05/how-crackers-make-minced-meat-out-of-your-passwords/
Purpose built password cracking machine cluster.
Capable of 350 billion password guesses per second.
95^8 (6.6 Thousand Trillion) combinations in 5.5 hours
http://passwords12.at.ifi.uio.no/Jeremi_Gosney_Password_Cracking_HPC_Passwords12.pdf
Dec 14, 2009 – Rockyou data breach exposes
32 MILLION user accounts and passwords
April 2013 – “Yahoo email accounts have
been hacked for the fourth time in as
many months”
http://siliconangle.com/blog/2013/04/30/yahoo-mail-hacked-again-serious-questions-raised-about-its-ability-to-protect-users/
These, and many more examples like them, mean you need to begin using a higher
level of security for everyday tasks.
What would you do if you received this email
from your WordPress site's security plug-in?
What prompted me to create this document?
I have recently been helping a customer recover from a public domain email hack
- See my article LINK: “2 Factor Authentication – why everyone needs it.” for more information
I received the pasted email from a security plug-in of one of the sites I administer
which shows that attempts were made from a Russian Federation IP address to
compromise the site administration console.
As described in the article:
LINK: "Anatomy of a hack"
Your bare minimum defence is a STRONG password:
● Minimum of 11 characters
● upper- and lower-case letters, numbers, and letters.
● No pattern based passwords,
● eg qwerty12345, P@as$w0rd4321, lastnamefirstname etc
So what can you do? Part 1
● Utilise a password manager.
● Some good considerations and example given here:
LINK "Which Password Manager"
● A very comprehensive comparison of 25 popular Password managers here:
LINK "Password managers"
● Secure the Password Manager
● “Do what cryptographers do: use a passphrase.”
● go to LINK "diceware", and follow the instructions there for generating a near*
foolproof passphrase.
● *nothing is ever absolutely secure
So what can you do? Part 2
● Those takeaways again:
● Don't try to be password clever - The only thing that works is random
● Use a computer to achieve a truly random password
● Use a secure password manager, to manage your passwords.
● Secure your password manager with the cryptographer-approved
method of generating the only passphrase that you will actually need to
remember
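Added example (not part of the original slides): a Python sketch of the "use a computer to achieve a truly random password" advice. It uses the 350 billion guesses per second figure quoted earlier to show how long an exhaustive search takes against random passwords of different lengths. All function names are hypothetical, and the Diceware helper only produces the five-digit dice keys to look up in a word list you obtain yourself.

```python
import math
import secrets
import string

# Cluster speed quoted on the slide: 350 billion guesses per second.
GUESSES_PER_SECOND = 350e9

# The 95 printable ASCII characters: letters, digits, punctuation and space.
PRINTABLE = string.ascii_letters + string.digits + string.punctuation + " "

# Diceware picks each word with five dice, so a list holds 6**5 = 7776 words.
DICEWARE_LIST_SIZE = 6 ** 5


def keyspace(alphabet_size, length):
    """Number of equally likely candidates when every symbol is random."""
    return alphabet_size ** length


def entropy_bits(combinations):
    """Entropy of a uniformly random choice among `combinations` candidates."""
    return math.log2(combinations)


def hours_to_exhaust(combinations, rate=GUESSES_PER_SECOND):
    """Worst-case hours to try every candidate at the given guess rate."""
    return combinations / rate / 3600


def random_password(length=16, alphabet=PRINTABLE):
    """Password for the manager to store, drawn from the OS CSPRNG."""
    if length < 11:
        raise ValueError("the slide's bare minimum is 11 characters")
    return "".join(secrets.choice(alphabet) for _ in range(length))


def diceware_keys(words=6):
    """One five-dice key per word, e.g. '16655', to look up in a Diceware list."""
    return [
        "".join(str(secrets.randbelow(6) + 1) for _ in range(5))
        for _ in range(words)
    ]


def report():
    """(label, entropy in bits, hours to exhaust) for a few random secrets."""
    cases = (
        ("8 random printable chars", keyspace(len(PRINTABLE), 8)),
        ("11 random printable chars", keyspace(len(PRINTABLE), 11)),
        ("16 random printable chars", keyspace(len(PRINTABLE), 16)),
        ("6-word Diceware passphrase", keyspace(DICEWARE_LIST_SIZE, 6)),
    )
    return [
        (label, round(entropy_bits(combos), 1), hours_to_exhaust(combos))
        for label, combos in cases
    ]


if __name__ == "__main__":
    # These figures hold only for randomly chosen secrets; pattern-based
    # passwords are found long before the full keyspace is searched.
    for label, bits, hours in report():
        print(f"{label:28s} {bits:6.1f} bits  {hours:.3g} hours")
    print("password for the manager:", random_password())
    print("dice keys for the master passphrase:", " ".join(diceware_keys()))
```

The 8-character row comes out at a little over five hours, in line with the cluster figure quoted on the earlier slide.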
So what can you do?
AND! Utilise the growing number of freely available 2 factor authentication devices
The remainder of this presentation will guide you, step-by-step through
configuring 2 factor authentication in your WORDPRESS site(s).
In this example, I use:
The Wordpress plugin – Google Authenticator
&
The Android app – Google Authenticator.
These are, by no means the be-all & end-all components to use, but they
are easy which is always a big advantage.
1st - let's set up WordPress!
30 May, 2013 © 2013 Askkiz 8
SETUP IN WORDPRESS
Select the users to which the 2-factor authentication
will apply. Ideally any user with the ability to modify
your site, posts and settings
This is the description that will appear on your phone
You will eventually scan this with your phone
As mentioned previously, there are a number of apps available to enable the
use of 2 factor authentication.
This presentation is using “Google Authenticator”.
Below are the locations where it is available for iPhones, iPads and all Android
devices.
https://itunes.apple.com/us/app/google-authenticator/id388497605
https://play.google.com/store/apps/details?id=com.google.android.apps.authenticator2
SMARTPHONE SETUP
The Google Authenticator App is available on Android and iPhone
The next time you sign into your WordPress site – you will be
presented with this slightly modified Log In screen
Take this number and put it in the box
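Added example (not from the original slides, and not the WordPress plugin's own code): what happens behind the description, the QR code and the six-digit number in the steps above. Google Authenticator implements TOTP (RFC 6238), so this Python sketch builds the `otpauth://` string a QR code carries, derives the code the phone shows, and checks it the way a login form could. The function names, the one-step drift window and the replay check are assumptions of this sketch.

```python
import base64
import hashlib
import hmac
import secrets
import struct
import time
from urllib.parse import quote

# Constructed sample: the published RFC 6238 SHA-1 test key, Base32-encoded.
SAMPLE_SECRET = base64.b32encode(b"12345678901234567890").decode()


def new_secret(nbytes=20):
    """Fresh per-user shared secret, Base32 so it fits in a QR code or typed key."""
    return base64.b32encode(secrets.token_bytes(nbytes)).decode()


def provisioning_uri(secret_b32, description):
    """The string a setup QR code encodes; `description` is the label on the phone."""
    return f"otpauth://totp/{quote(description)}?secret={secret_b32}"


def hotp(key, counter, digits=6):
    """RFC 4226: HMAC-SHA1 over the counter, then dynamic truncation."""
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def totp(secret_b32, at=None, step=30):
    """Code the authenticator app displays for the 30-second step containing `at`."""
    key = base64.b32decode(secret_b32, casefold=True)
    now = time.time() if at is None else at
    return hotp(key, int(now) // step)


def verify(secret_b32, submitted, at=None, window=1, last_counter=-1, step=30):
    """Return the matched time-step counter, or None if the code is rejected.

    `window` tolerates clock drift of that many steps either side. A counter at
    or below `last_counter` (the last one accepted for this user) is refused,
    so a code seen once cannot be replayed inside its validity window.
    """
    key = base64.b32decode(secret_b32, casefold=True)
    now = time.time() if at is None else at
    current = int(now) // step
    matched = None
    for counter in range(current - window, current + window + 1):
        if counter < 0 or counter <= last_counter:
            continue
        expected = hotp(key, counter)
        # Constant-time comparison; bytes so odd user input cannot raise.
        if hmac.compare_digest(expected.encode(), submitted.encode()):
            matched = counter
    return matched


if __name__ == "__main__":
    secret = new_secret()
    print("QR payload:", provisioning_uri(secret, "WordPress Blog"))
    code = totp(secret)
    print("code on the phone:", code)
    accepted = verify(secret, code)
    print("first login accepted at step:", accepted)
    print("same code again:", verify(secret, code, last_counter=accepted))
```

Whoever holds the shared secret can generate valid codes, so the setup QR code and the stored secret need the same protection as a password.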
I trust this presentation has been enlightening, helpful and informative.
For assistance setting this up, and any other advice on securing your digital environment, contact me directly.
● IT Security
● Cloud Services
● Social Media Governance, Risk, Compliance & Security
Kieran Cook
Owner / CEO Askkiz
office@askkiz.com.au
facebook.com/askkiz.au
linkedin.com.au/company/askkiz

2 Factor Authentication for Wordpress
