Category Archives: Development

Password Security Tips

Failed Login Attempts Steven

I don’t claim to be an expert in the field of passwords, but I have always followed some basic rules, rules which a few websites have found cause issues for their systems (more on that later). I was recently discussing passwords with a few people and they were moaning: “These days you have to have capital letters, numbers, punctuation and more craziness, different passwords for each site, and how do you even remember them all?” To which someone said, “I use the same password for everything, a pet’s name (proper noun) and a date near enough for them.” It was bizarre. Most agreed that they used a similar formula to the above, so Spot1966 or something.

The formula being a name or word followed by a date, usually a year, which is easy to work out. Should a system that stores more information about you be compromised, you could be in trouble: if they get your password and your email together, they can try that same pair on every other site you use. This prompted me to write this article with my own take on the matter.

The image above shows the login attempts for my blog. I don’t know what time frame WordFence tracks, whether weekly or monthly, but that is with the login page hidden (not at the standard URL), with a captcha enabled and a hidden form field. Without those steps it used to be thousands of attempts. Password security is important.

For the purpose of this article I’m going to assume your password is Password, and show you how to evolve it into something much harder to crack. I wouldn’t recommend using Password by the way, even with how hard we’ll make it to guess.

Custom Language

I work from a basic set of rules which make up my own custom alphabet. It incorporates L33t speak, text speak and abbreviations (initialisms), mashed into a mnemonic of sorts. I don’t mix and match them as I go: I choose a set of rules and stick to them. It’s hard to explain without giving away my exact combination, so I’ll give you a character map of sorts. Let’s start with an alphabet.

Hacker Screen

L337 $p34k

A = 4 or @
B = 8 or 13
C = { or (
D = l) or I)
E = 3 or £
H = I-I or l-l (i or L)
I = ! or l (L)
K = I< or l<
M = lvl or /\/\
N = l\l or IV
O = 0 or ()
P = []o or 9
Q = O, or &
R = 12 or l2
S = 5 or $
T = 7 or -l-
V = \/
W = \/\/ or []v[]
X = >< or *

You’ll notice I have used uppercase I and lowercase L, or ) and }; other times I have provided two different options, 4 and @ for A as an example. Choose one and stick to it, otherwise you’ll end up confused and forget your own password.

Password can now be 9@$$VV012I) in full L33t speak, or 9a$$w0rd in a subset, or P@$$wOrd (that’s a capital P and a capital O). Like I said, pick and choose which letters you want to change, and change them every time. I would suggest two vowels and six consonants; in Password I chose A, O, P and S to change, so I would always change A, O, P and S in other words too.

One issue I had was a website that didn’t allow special characters as the first character, and my password started with a $. It caused so many problems, with half the website accepting it and half not. The password was so complex not even the system accepted it, heheh 😉

Initialisms

This is where the magic happens, taking your password to Password 2.0, the next level. These passwords are far harder to guess than a word and a date, and they employ an old learning method: mnemonics and initialisms, that is, a sentence shortened to its initial letters. Be careful not to let your initialism become an acronym; you don’t want it pronounceable.

I often choose a quote from a film or a poem, “A rose by any other name would smell as sweet.” for example. This gives you Arbaonwsas (Google it, it’s known, don’t use it), which is already a strong password, though a famous quote may well be in some word lists. Now let’s L337 speak it to the next level.

A rose by any other name would smell as sweet = Arbaonwsas = @rb@0nw$@$ = @12840IV\/\/$4$

Make it as complicated as you wish. You may have noticed I switched from @ to 4 for my letter A; that’s because I chose to use @ for a capital A and 4 for a lowercase a, just to make it even harder. Remember your new alphabet, and use it.

Text Speak

You can throw a little text speak in too. I generally only use a few pieces, just to mix it up. If my sentence or quote has the words Are or You, or says OK or similar, I employ some text speak like:

Are = r
You = u
OK = k

You Talkin’ To Me? You Talkin’ To Me? = Ut’2m?Ut’2m? = U7’2IvI?U7’2IvI?

Try your own. I always try not to choose something that’s massively popular, and go for a line from a film or book I enjoyed, then L33t it, text it and mnemonic it up to the next level.

Hopefully this has been helpful. I have included some random words below to help you get the idea.

Angel = @ng3l
Coconut = C0c0nu7
Steven = 573v3N
MobilePhone = M0b1139h0n3
Speaker = $p34ker
Laptop = L4pt0p
Mother = M07h3r
Sports = 5p0rt5
WordFence = W0rdF3nc3
Twitter = Tw177er
WordPress = VV0rd9r3ss
Computer = C0/\/\9u73r

Really, make it as complicated as you wish, take a peek at the Ashley Madison password list and be sure you don’t use anything similar.

PHP Security Cheat Sheet

Following on from the Photoshop Cheat Sheet post, I figured I’d make a series of posting the cheat sheets I use almost daily, or at least whenever I use certain programs. This PHP Security Cheat Sheet by SK89q has been next to my computer for quite literally years. I almost don’t need it, I know it so well, but as a checklist it is always worth reading over to be sure I have missed nothing before releasing an application to the public.

You can see more up-to-date material on OWASP, but I like this checklist better; the OWASP Cheat Sheet Series (website) is an amazing thing to have a good read of on a whole manner of geeky subjects.

PHP Security Cheat Sheet

Click the picture, or right-click it to save a large version; hit Escape to close the image, as it is high resolution.

WordPress Stuck in Maintenance Mode

Working on a new project recently with some custom plugins and the like has caused a few, shall we say, glitches. A recent upgrade crashed half way through (the database locked erroneously), leaving the website stuck in “maintenance mode”.

DANGER, DANGER, RED ALERT!

Maintenance Mode

Don’t panic, this is very very easy to solve…

A file called .maintenance (notice the dot at the start) is created automatically by WordPress whenever you update WordPress core, themes or plugins. It effectively shuts WordPress down so it can update cleanly. Once the update completes successfully the .maintenance file is normally deleted; if the updater dies part way through, the file is left behind and every request, including the admin pages, gets the maintenance screen.

There is a small obstacle: it is impossible to delete it via the WordPress admin (wp-admin) area of your website, because wp-admin is itself behind the maintenance screen. You will need to access it via your web host’s file manager or via FTP.

HOW TO ACCESS THE FILE MANAGER

File Manager Options

I use cPanel, so the following steps use that; since it is the most popular admin panel, the odds are high you’ll be using it too.

  1. Login to your host cPanel control panel.
  2. Scroll down the page to where it says File Manager and click it.
  3. When the options box (right) pops up, be sure to select “Web Root” and tick “Show Hidden Files (dotfiles)”.
  4. Scroll down to find the .maintenance file; it will usually be next to .htaccess, which is often the first file after the folders.
    *Be sure to note the dot before .maintenance.
  5. Select the file so it is highlighted and hit Delete (the big red X).

How simple was that?

Alternative Method via FTP

It can be done via FTP, but that often needs a third-party application installed and configured; using your web host’s control panel is something almost all website owners have access to.
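For anyone who has shell or SSH access to the document root (which the post does not assume; it uses cPanel or FTP), here is the same fix as an added example of my own, not from the post. It reads the timestamp WordPress writes into .maintenance (the file contains `<?php $upgrading = <unix time>; ?>`) and only removes the file when the update is clearly dead, because WordPress itself stops honouring the file once that timestamp is more than 10 minutes old. The demo() scenario and its timestamps are constructed for the example.

```python
import os
import re
import sys
import tempfile
import time

# Added example, not from the post. WordPress writes .maintenance as
# "<?php $upgrading = <unix time>; ?>" and its maintenance-mode check ignores
# the file once that timestamp is older than 10 minutes. Assumes shell/SSH
# access to the document root; the post reaches the file via cPanel or FTP.
STALE_AFTER = 10 * 60


def maintenance_age(docroot, now=None):
    """Seconds since .maintenance was written, or None if the file is absent."""
    path = os.path.join(docroot, ".maintenance")
    if not os.path.exists(path):
        return None
    now = time.time() if now is None else now
    with open(path, encoding="utf-8", errors="replace") as fh:
        match = re.search(r"\$upgrading\s*=\s*(\d+)", fh.read())
    # Fall back to the file's mtime if the expected assignment is missing
    # (a hand-made or corrupted file); this is an assumption, not WP behaviour.
    started = int(match.group(1)) if match else os.path.getmtime(path)
    return now - started


def clear_maintenance(docroot, force=False, now=None):
    """Remove .maintenance. Returns 'absent', 'active' (an update may still be
    running, so it is left alone unless force=True) or 'removed'."""
    age = maintenance_age(docroot, now)
    if age is None:
        return "absent"
    if age < STALE_AFTER and not force:
        return "active"
    os.remove(os.path.join(docroot, ".maintenance"))
    return "removed"


def demo():
    """Constructed scenario in a temp dir: a lock written 5 s ago (an update may
    be live) versus one from 20 minutes ago (the upgrader crashed, as in the post)."""
    results = {}
    with tempfile.TemporaryDirectory() as root:
        now = 1_700_000_000  # fixed clock so the scenario is reproducible
        lock = os.path.join(root, ".maintenance")
        with open(lock, "w") as fh:
            fh.write("<?php $upgrading = %d; ?>" % (now - 5))
        results["fresh"] = clear_maintenance(root, now=now)
        results["fresh_forced"] = clear_maintenance(root, force=True, now=now)
        with open(lock, "w") as fh:
            fh.write("<?php $upgrading = %d; ?>" % (now - 20 * 60))
        results["stale"] = clear_maintenance(root, now=now)
        results["gone"] = clear_maintenance(root, now=now)
    return results


if __name__ == "__main__":
    args = [a for a in sys.argv[1:] if a != "--force"]
    if args:
        # usage: python clear_maintenance.py /path/to/docroot [--force]
        print(clear_maintenance(args[0], force="--force" in sys.argv))
    else:
        print(demo())
```

Two practical points follow from the timestamp: if the lock is only seconds old, an update may genuinely still be running and deleting the file can leave a half-written plugin behind, so wait or use --force knowingly; and if the lock is already more than ten minutes old and the site still shows the maintenance page, WordPress is no longer the cause and a page cache or proxy in front of it is serving the old response.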

Protein Snacks

Protein Snacks Screen Shot

A project I’ve been working on (not finished) which is related to one of my own personal ‘struggles’ and goals. The details aren’t that important, but in short: a recent iDXA / DEXA scan at Derbyshire University revealed I had exactly 86.419kg / 13st 6lbs of lean muscle mass (no bones/fat/etc included). This helped me set my macro-nutrition / diet quite accurately on my quest to get BEEEEEFCAAAKED. Again cut short, this scan means I’m aiming at 45g* protein per 6 hours, so as to distribute my intake through the day. It’s hard work finding good sources with the right nutritional balance (skewed to protein).
*These numbers are based on my own research, activity levels, body composition and conclusions, so do your own research for your numbers; maybe in a future post I’ll go deeper into it.

Flexible Protein

This brings me neatly to the issue of finding flexible ways of getting the protein in without massively blowing the other macros. Overloading carbs is easy as, ummm, cake; overloading fat is almost as easy. I buy biltong, jerky, protein bars, RTD shakes, protein gels and all sorts of good snacks for when a balanced meal isn’t possible, which with a busy lifestyle is quite common. You know the drill: you’re hungry, you buy a bag of crisps or a chocolate bar or something else. This site is about NOT going that way.

Just for an example…

Lion Bar 43g has 205kcal, 9g fat, 29g carbs, 2g protein, 80mg of sodium.
DynaBar 43g has 180kcal, 6.9g fat, 17g carbs, 14g protein, 50mg sodium.

The Protein Dynamix DynaBar has about a quarter less fat, two-fifths fewer carbs, over a third less sodium and seven times the protein. It isn’t the best macro split, but given the very close taste, the Dyna is 100% the better option.

So there we have it: how my new project can and will help me and others in the same boat.