Security and Password Protection Made Easy, Simple, Cheap and Reasonable, as long as you follow the effort vs. reward formula.

Place personal data only with institutions that need it.

We do not keep any personally identifiable information, nor health information, nor financial information on this server - thus we are not a target. ROOT ACCESS is not currently allowed by any remote terminal or shell to this server.

Cracking a password WAS a daunting task.

It is no longer as hard as it was. Cracking a password that is both hashed and encrypted is now an easier effort.

PASSWORD BREAKING IS ALWAYS A MATTER OF EFFORT VERSUS REWARD.

This server system for personnel requires both a key and a password for access and has never been 'cracked'. Your password to your account will be hashed on your end, encrypted for transit and rehashed on the server end.

The password is never stored on our systems - only the algorithm result is stored.

The BEST password protection is

  1. issue prepared key
  2. hash it on your end
  3. re-encrypt with prepared key for transit
  4. unencrypt to hash value at destination
  5. hash again at destination and store or compare

Using a program like PASSWORD AGENT is good because you never need the keyboard. PASSWORD AGENT also deletes the copy-paste buffer on copy-paste.

It would be virtually impossible for even locally placed spyware to get your password unless the NSA+Microsoft system design uses a password box reader. That is pretty easy to do on their end, actually, since obscuring the password in an entry box is just a matter of making the real characters look like asterisks: at some point the operating system has to know your password prior to the hashing and encryption.

  • the KEY protects in transit
  • the HASH protects storage
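
Steps 2 and 5 of the list above ("the HASH protects storage") as an added Python example; it is not this site's code. The SHA-256 client hash, the salted PBKDF2 rehash, the round count and all function names are assumptions, and the keyed transit encryption of steps 1, 3 and 4 is assumed to be handled by the channel and is not shown.

```python
import hashlib
import hmac
import secrets

PBKDF2_ROUNDS = 200_000  # assumed work factor, not a value from the page


def client_hash(password: str) -> bytes:
    """Step 2: hash on the user's end so the cleartext never leaves it."""
    return hashlib.sha256(password.encode("utf-8")).digest()


def server_store(received: bytes) -> dict:
    """Step 5 (store): rehash the received value under a fresh per-account salt."""
    salt = secrets.token_bytes(16)
    rehash = hashlib.pbkdf2_hmac("sha256", received, salt, PBKDF2_ROUNDS)
    return {"salt": salt, "hash": rehash}


def server_verify(record: dict, received: bytes) -> bool:
    """Step 5 (compare): recompute with the stored salt, compare in constant time."""
    candidate = hashlib.pbkdf2_hmac("sha256", received, record["salt"], PBKDF2_ROUNDS)
    return hmac.compare_digest(candidate, record["hash"])


def demo() -> dict:
    # Constructed sample passwords, for illustration only.
    record = server_store(client_hash("correct horse battery staple"))
    twin = server_store(client_hash("correct horse battery staple"))
    return {
        "right_password": server_verify(record, client_hash("correct horse battery staple")),
        "wrong_password": server_verify(record, client_hash("correct horse battery stable")),
        # The stored value is the rehash, so a copied record does not log in
        # when sent back as if it were the client-side hash.
        "stored_hash_replayed": server_verify(record, record["hash"]),
        # Two accounts with the same password still get different records.
        "same_password_same_record": twin["hash"] == record["hash"],
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The client-side SHA-256 is fast and unsalted, so the salted, iterated rehash on the server is what makes a leaked record expensive to test.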

Understand that to crack a password of random characters, you actually have to test every result, since no evaluation of a crack attempt yields a recognizable word.

CHANGING YOUR PASSWORD

If you suspect your account was broken into, or you just want to change your password for any reason, click the CHANGE MY PASSWORD link on the login page. You will be asked to enter your email address, and you will then receive an email containing a link. Access to your account is stopped ONLY AFTER you click that link. That way, vandals cannot simply block your account with just a request.

AGAIN, you must click the link provided in the email to stop access to your account with the existing password.

AT THAT TIME you will then be offered to enter a new password which will be hashed and encrypted before transiting the internet to the server.

"Website cookies are used to save session information when a person visits a website. Popular implementations include saving shopping cart information at ecommerce websites and session data at financial websites."

  • WE DO NOT KEEP FINANCIAL DATA ON THIS HOST
  • WE DO NOT USE COMMON SHOPPING CARTS
  • WE DO NOT USE PUBLICLY AVAILABLE ERROR MESSAGING THAT REVEALS DEBUG INFO
  • WE DO NOT USE ERROR MESSAGING THAT WE CANNOT CONTROL

"Many banking sites protect against faulty implementations by using random session data to protect individual users."
http://searchsecurity.techtarget.com/news/1520252/Hacking-tool-exploits-faulty-AES-encryption-implementations?asrc=EM_USC_12547523&track=NL-105&ad=787382

RANDOM SESSION DATA. WE DO THAT. WE DO NOT USE MICROSOFT, ASP, DOT.NET, Ruby on Rails.



copyright Global Internet Hosting.com 2013