The issue with website security
As the Internet gets more embedded in our lives, it is important to realize that there are bad people wanting to steal anything they can. Others simply enjoy causing problems for website owners and their visitors. These hackers have stolen information from hundreds of millions of people worldwide.
Thieves use powerful computers and programs called bots (short for “Internet robot”). The easiest entry point for the bots is the login page. They systematically create and test millions of possible usernames and passwords, hoping to gain access to your information. As they become more sophisticated, website owners and visitors must increase their security.
To keep the Brooks Trading Course site secure, we are tightening the password requirements. Other common alternatives (like sending an authorization code to your phone) are unnecessarily burdensome for you.
Main menu log in
As you can see above, members log in through the main menu. After logging in, the phrase Log In toggles to Log Out, as in the picture.
There is no need to log out if you intend to return using the same device (PC/phone/tablet). The system will remember you for 14 days, after which time it will ask you to log in again. Or, if you do not visit the site for 3 days (72 hours), you are logged out. When you next visit, the system will prompt you to log back in.
Important: If you do not log out and then try to access the site via another device, you may get blocked. The system limits the number of concurrent logged-in sessions. This is to prevent the use of stolen or shared passwords.
The system will allow you to be logged in to 2 devices at any one time. This allows a trader to access the site from, for example, a desktop and a mobile device at the same time. If you log in from a third device, the system will expire an earlier session. We will phase this feature in by the end of March 2019.
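The session rules above, written out as an added Python example (not the site's own code; the class and method names are hypothetical). It assumes the "earlier session" that gets expired is the least recently used one, which the page does not specify.

```python
from dataclasses import dataclass

HOUR = 3600
ABSOLUTE_LIFETIME = 14 * 24 * HOUR  # "remember you for 14 days"
IDLE_TIMEOUT = 72 * HOUR            # logged out after 3 days without a visit
MAX_SESSIONS = 2                    # concurrent devices per account

@dataclass
class Session:
    device: str
    created: int    # login time, in seconds
    last_seen: int  # most recent visit, in seconds

class SessionStore:
    def __init__(self):
        self._sessions = {}  # username -> list of live Session objects

    def _live(self, user, now):
        """Drop sessions past either deadline and return the survivors."""
        live = [s for s in self._sessions.get(user, [])
                if now - s.created < ABSOLUTE_LIFETIME
                and now - s.last_seen < IDLE_TIMEOUT]
        self._sessions[user] = live
        return live

    def login(self, user, device, now):
        """Start a session; return the devices whose sessions were expired."""
        live = [s for s in self._live(user, now) if s.device != device]
        # Assumption: "an earlier session" means the least recently used one.
        live.sort(key=lambda s: s.last_seen)
        evicted = live[:max(0, len(live) - (MAX_SESSIONS - 1))]
        self._sessions[user] = live[len(evicted):] + [Session(device, now, now)]
        return [s.device for s in evicted]

    def visit(self, user, device, now):
        """Return True and refresh the idle timer if the session is valid."""
        for s in self._live(user, now):
            if s.device == device:
                s.last_seen = now
                return True
        return False  # caller must prompt for a fresh log in

    def logout(self, user, device):
        self._sessions[user] = [s for s in self._sessions.get(user, [])
                                if s.device != device]
```

Checking both deadlines on every request, rather than only at log in, is what makes a copied session cookie stop working once the idle or absolute limit passes.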
Backdoor log in
Many of you may be familiar with the standard WordPress log in form (Backdoor Login). This is also where hackers and automated bots attempt to break into a WordPress site. Al is therefore eliminating this backdoor page. You will only be able to log in through the main menu.
If you try to log in via the backdoor, you will get a “404 page not found” error message. Simply log in from the top menu on any page of the website.
The need for passwords is one of the most annoying aspects of online life. Unfortunately, hackers know that, and they take advantage of our natural preference for easy to remember passwords.
See the list of the 100 most common passwords at the bottom. Some of you are probably using something similar. It is important to realize that the hacking bots have lists with millions of common passwords. Please do not make it easy for them to steal your information.
My strong 8 character password is okay, right?
Wrong. A hacker’s computer can quickly test every possible combination of 8 characters.
Don’t ever assume that special characters are enough. For example, !@#$%^&* is #20 in the list below. Anything that is easy to remember is easy for the robots to find.
Here is an excellent up-to-date article from IBM on why 8 character passwords are no longer safe:
Password length is more important than complexity. Even if you use password generating software to create a complex password, that is not enough. The hackers use supercomputers that can quickly discover a short password.
Unlike a bank’s site, this site does not hold critical personal financial information. It is therefore not being attacked by the most powerful hacking bots. But, Al now requires a minimum of 12 characters. Ideally you would use MORE than 12 characters. Al and I have passwords with many more than 12 characters. Please use randomized characters and not easy to remember letters or numbers.
Also, many people use the same passwords on all their websites. This is dangerous. Once a hacker discovers your password for one site, he can then try logging into every major financial institution with that information, hoping to find one where you have accounts that he can steal.
You should use a password manager to create a unique, strong, long password for every site that you access on the Internet.
Here are three reputable choices. All include a strong password generation tool that automatically creates and saves passwords for you.
Typically, you create one master password that lets you open your password manager software. Once it is open, it automatically enters your user name and password for any site that you saved. This is the easiest, safest way to have different passwords for each site.
In addition, here is a review of password managers:
If you do not want to use a password manager, here’s a good reference for how to create a strong password. It includes tips for those who want to make up their own memorable passwords. But, generating and storing passwords in a free password manager is a better choice.
Please remember that a long, complex password is not good enough. If you store it on your computer or phone, you need to be sure that these devices are secure as well.
Hacked email addresses and passwords
There are websites where you can check to see if your email addresses and passwords have ever been hacked. If you do find your email address has been hacked, simply change your password to a strong one.
I had this experience last year after a local online bookshop went offline and was hacked. I received a ransomware scam email telling me all sorts of terrible, but fictitious, things they were going to share online if I didn’t send them money. For proof, they supplied the password I had used on the bookseller’s website. But I was not worried because I only used that password for this site alone, and I used an alias email address.
Have I been “pwned” (email or password hacked)?
To see if your email address has been compromised in a data breach, just click on this link and enter your address:
To see if any of your passwords are among the 550 million passwords stolen in data breaches, click on this link and enter your password:
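A password can be checked against breach data without the password itself leaving your machine: the Pwned Passwords range API takes only the first five hex characters of the password's SHA-1 hash and returns the matching hash suffixes with counts, and the final comparison is done locally. The client side of that check, as an added Python example (not part of the original page) run against a constructed offline response; the function names and counts are illustrative.

```python
import hashlib

def split_hash(password):
    """Return (prefix, suffix); only the 5-character prefix is ever sent."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]

def breach_count(password, range_body):
    """Look for our own suffix in a 'SUFFIX:COUNT' range response."""
    _, suffix = split_hash(password)
    for line in range_body.splitlines():
        candidate, _, count = line.strip().partition(":")
        if candidate.upper() == suffix:
            return int(count)
    return 0  # suffix not listed: not found in the breach data

# Constructed stand-in for the remote service so the example runs offline.
# The passwords are common ones; the counts are made up for illustration.
CONSTRUCTED_CORPUS = {"123456": 900, "password": 400, "qwerty": 250}

def constructed_range_response(prefix):
    """Return every corpus entry whose hash starts with the given prefix."""
    lines = []
    for known, count in CONSTRUCTED_CORPUS.items():
        known_prefix, known_suffix = split_hash(known)
        if known_prefix == prefix:
            lines.append(f"{known_suffix}:{count}")
    return "\r\n".join(lines)

def check(password):
    """Full round trip: send the prefix, match the suffix locally."""
    prefix, _ = split_hash(password)
    return breach_count(password, constructed_range_response(prefix))
```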
Top 100 bad passwords for 2018
For your review, and hopefully entertainment, here are the top 100 bad passwords from a reliable research source. Review to see how many of you are using any of these, or similar passwords.
20 !@#$%^&*