More than 30million indifference intrusion attacks occur every month, so it is very important to use strong passwords everywhere. However, it seems impossible to create and remember a unique strong password in all accounts. Can the password administrator help? Or is it OK? It is worth mentioning that it is strongly recommended to use and execute strong passwords on the WordPress website, but not all password managers generate the same password. This is a potential security vulnerability. Hackers can directly enter the WordPress website and steal IDS through indiscriminate college entrance examination attacks. The
Fortunately, there is a way to protect the website, and a secure password manager can be used. Today, we will cover password manager, potential security vulnerabilities, how to protect the WordPress website, and how to provide some of the best secure password manager applications. What is a password manager? The password manager is an application, browser extension, or tool that securely saves all passwords you want to save. As a result, tens (or hundreds!) of people from email, Amazon, and YouTube to ISPs, phone companies, and all other websites There is no need to remember the large number of strong passwords generated for sites. The
Your password is protected by an application that is locked by other passwords you generate. The idea is to just remember this password. This allows you to access all other login credentials and then copy and paste them as needed. Some password managers also have other options, such as dual authentication or auto fill. The login field of the website will be automatically filled with user name and password. Password administrator’s problem password management applications are very convenient, but there are potential security risks associated with their use. This is especially important when using the browser extensions provided by the password manager application that you choose to use. The
If you visit a website containing multiple software, it is vulnerable to CSRF (Cross Site Request Forgery) or XSS (cross site scripting) attacks. Moreover, if you use the browser extension program of the password manager, all passwords may be used without the user’s knowledge. There are countless ways in which this can happen. For example, for past lastpass secure exports, scripts may be inserted into vulnerable web sites to view extensions in visitors’ browsers. If enabled when the user visits the site, the script will display the same notification at the top of the page as lastpass often displays. Session. The
Then, when the user clicks the link, a phishing site that looks the same as the lastpass login page is loaded. The hackers are getting smarter and the phishing websites are becoming more and more difficult to detect. After the user logs in, the malicious site will check the lastpass API for details. If the credentials are correct, the phishing site will request a two-level authentication token entered by the user. The phishing website will check the lastpass API again, and after confirming the details, the login credentials will be automatically sent to the hacker’s server for immediate availability. If the user enters an incorrect user name or password, the script will check the lastpass API. If the details are confirmed as an error, the script will load an error message and ask the user to try again. The
There were other lastpass security issues in the past, providing full access to lastpass RPC commands with internal permissions and access to code execution. In addition, hackers may ignore legitimate messages as their own, resulting in phishing attacks similar to those described above. Welcome to the (unsafe) party. According to network world, lastpass has many vulnerabilities
I am not the only experienced browser based password administrator. Keeper, dashlane and 1Password all experienced security problems. The
For example, keeper has a security vulnerability. The extender inserts a trusted UI into an untrusted site, exposing it to CSRF, XSS and other similar attacks. Dashlane encountered a common XSS security vulnerability. This vulnerability allows a site to attack other sites, including the login credentials of all sites, and XSS express that destroys cookies and user data. 1Password bug also said: \
Except for the network security vulnerability of lastpass, all these problems have been fixed. However, similar security problems often occur in operations that rely on password managers (especially browser extensions). The vulnerability is often found in the password manager that relies on browser extensions. Here we will move on. As we mentioned earlier, many password managers include the auto fill function, which can automatically fill the login form of the website with the correct credentials saved previously. Wired said that this auto fill function is a specific cause of the security vulnerability. The center for information technology policy in Princeton reported that the browser with the built-in password manager had a long-term vulnerability. The
The hacker created a script that can track the automatic filling function of the password administrator and directly steal the login credentials without the user’s knowledge. So far, we have only tracked 1000 sites, but this vulnerability has just begun. Please be prepared. In addition to hits just keep on comein \
If this happens, password administrators will not be able to save users from such threats in the future. If you think \
Password and WordPress website protection fortunately, there are many ways to protect login credentials while online and protect WordPress websites from potential security risks of certain types of password administrators. Even if one of the accounts is hacked, there are ways to protect the password while maintaining the convenience of the password administrator. Do you need to use password manager? Does this mean that password managers should not be used at all when there are security vulnerabilities around them? No, it should be safe. Much better than not at all. In particular, if you commit the crime of using the same password in all accounts… Because no other security layer can be easily used, it is more vulnerable to use out of the box. Using a password manager with a security vulnerability in the past may be disturbing, but it does not mean that it must be unsafe. If a properly supported and frequently updated password manager is used to protect security, these vulnerabilities include:
You can almost rest assured, because you know that the password is secure and will not be cheated by the latest attempts of hackers. Use a secure password manager to help use strong passwords that are less likely to attack hackers through indifference substitution. You don’t have to remember them. For your convenience, they can be safely stored in one place. There is a security password manager, which will be listed later. If one of the accounts is hacked, it can be used to maximize protection. Hackers can quickly change passwords before using your credentials. A secure password administrator is much better than none at all. However, it is not recommended to use the browser extensions and the built-in browser password manager included with chrome. In contrast, the desktop based application option is the most secure, so use. If the application you are using has the appropriate options, avoid using the auto fill feature. You can also save passwords to an encrypted file, and the backup option complements the security password manager you use. If you forget your master password, you can restore your login details by other means. In addition to using the security password manager, there are several ways to attach protection passwords online. Use different strong passwords for all sites you subscribe to. Do not use passwords used in the past. Please change your password at least every 90 days. Do not register on a site that does not have a valid SSL certificate. After you publish security updates, update your browser regularly. Note the browser extensions used. Investigate before installing to avoid malware. Please always check the browser extension program, and remove all things intruded by malware hackers from the results. These malware may infect the browser and computer. Do not use the auto fill feature. always Use powerful anti-virus and malware on computers and mobile devices. Schedule regular antivirus checks. Pay attention to the sites you visit. Do not go to sites without valid SSL certificates. Do not log in to the web site from a public WiFi connection. If your browser supports this option, do not use the auto login feature. You can also encrypt files on your computer using software such as veracrypt or the Mac’s built-in file encryption tool. Because malware can be accidentally or unintentionally ed online or via e-mail, you should be very careful when developing WordPress sites locally. WordPress website protection also has several methods to protect users of WordPress website from malicious exploitation because of the security vulnerability when using an insecure password manager. Protecting a WordPress site helps you: Use SSL certificates on the website, such as the free certificate of let’s encrypt. Enable two element authentication, such as defender. Allow all users to log in using secondary authentication in defender. Use and enforce strong passwords for all users. Use the security plug-in. Do your best to enhance the overall security of the site. For more information, please refer to the ultimate guide to WordPress security, WordPress security: the ultimate 32 step checklist, the ultimate guide to WordPress’s 60 best security resources, and use defender’s new IP locking function to launch indifference intrusion attacks. The best password managers are two password manager desktop applications that are updated regularly to ensure stability and security. Each has different functions and user experiences, and you can try and use the functions that suit you. 1 password 1 pass mentioned above
