成功網站管理手冊

It's been a long while we have no new posts since the Philipines tragedy. Now, let's move on again.

This time, I will write in English as most of our readers are from overseas. It's fairer for the overseas readers who care more to write me a note. 

As you can tell, from the subject, we are going to talk about the security issues for your site. If you are running a online store, you are much more likely to be hacker's targets.   With technology becoming more and more advanced, even our own PCs can execute tens of thansands of instructions per minute.

In the past, you may think that your password is quite strong to protect your site and you keep prolonging the password changing cycle. But now, with the faster machines, your site can be hacked in days or even hours if you password is not secured enough.

So how are we going to manage our site security?

Follow up:

"Theoretically" , our site security is protected by 2 components.  They are the username and the password.  Now, let me tell you. Your username is not secured AT ALL. It can be found everywhere: in your account setup email, in your communication with the host, etc.  In some setup, it is also easy for hackers to havest all usernames on a machine if they succeed to hack  in one account.

What you have left now is your little password to protect you. If you are running an online store and have a short password forming with just a few numbers or words, then the chanse is you will get hacked a few times a day.

Today let me share with you some tips on passwords.

A. Get yourself a STRONG password

This is the sole protection for your site.

1. If your site login supports foreign language other than English, use some of your mother language as your password. This will give some headache to the foreign made hacking 'machines'.  For example, in Chinese, we have over 1000 commonly used words.  If you have a password in Chinese, the combinations of a 6-word password is 1000⁶.  Comaparing to English including symbols and upper and lower case, it will be around 80⁶. Now you can see the difference.
2. Your password should contain alphabets, numbers and symbols.
3. Make it as long as possible.

Well, you may now think: Oh God!  My poor little brain. How am I going to memorise that long and hard password?

Let me give you some examples on how to form a password.

1. Oh, what'm I gonna have for my father's 70th birthday? - TT
2. Call me  at +1 (999) 9129234 if I win the Lottery:) Okay? Hum
3. Don't call me "IDIOT" again!!!  never4ever

Remove the spaces and it will be your new password. Not too hard to remember, right? But don't just end it with a punctuation mark. It's too easy to guess.

B. Do not use a user name that is close to your domain name!!!!

It is too easy to associate.  If you do now, ask your host to make a new one for you.  Note: If you are using mysql databases, you may need to check the database and username too. Check with your web consultant if you are not familiar.

C. Have a habit to change the password periodically.

No password is strong enough to be used forever.  It is just a matter of time.  Make it a habit now before it is too late.  If your site contains sensitve information, you should change the password at least once a month. 

D. Do not use any names or numbers that appear in your site!!!!

 This is just good hints for the hackers.

In Part II, I will cover the security setting for your site.  Good luck and bye for now!