passwords the weakest link in wordpress security @brennenbyrne

1. passwords: the weakest link in wordpress security @brennenbyrne
2. this talk is about security
3. a lot of people think security is hard
4. a lot of people think security is hard, confusing
5. a lot of people think security is hard, confusing, complicated
6. a lot of people think security is hard, confusing, complicated, technical, impossible, frustrating, not for you, painful, infuriating
7. but we all know that it's important
8. but we all know that it's important, and my job is to make it easy
9. hello, my name is brennen (@brennenbyrne)
10. I'm a founder of Clef (getclef.com)
11. for the next 30 mins: zombie army, two step (logins), ssl, password rot, what you can do
12. slides | getclef.com/cloudflare-webinar | getclef.com/wordpress-security-checklist
13. passwords: "The weakest link in the security of anything you do online is your password." (vip.wordpress.com/security)
14. it's time to talk about the zombie army.
15. the old way to break a password
16. 1) virus that watches you type; 2) guess common passwords; 3) advanced interrogation
17. in order to defend myself
18. 1) don't download viruses; 2) limit wrong guesses; 3) don't anger enemy nation-states
19. but attackers have gotten smarter
20. zombie army
21. the zombie army is what happens to you when other people download viruses
22. their computers become zombies
23. sites infect visitors' computers; zombies attack sites; visitors join zombie army; bigger army attacks more sites
24. zombies swarm and attack your site from millions of different computers
25. 1) don't download viruses; 2) limit wrong guesses; 3) don't anger enemy nation-states
26. the zombie army is attackers' response to our better defenses; as wordpress becomes a better target, the incentives for breaking it rise
27. two step
28. the steps: something you know, something you have, something you are
29. the old way of doing this meant: 1) typing your password; 2) getting a text with a bunch of numbers; 3) typing in the bunch of numbers (google authenticator)
30. clef, the plugin i work on, skips the password to make two-factor much easier.
31. ssl
32. ssl = safe safe lock (*it actually stands for secure sockets layer)
33. without ssl, everything is public: only do stuff you wouldn't mind standing on a table and yelling about in a coffee shop, i.e. no passwords or credit cards
34. password rot
35. your password is strongest on the day you set it
36. 1) more time for attacker to crack; 2) more computer power available; 3) greater chance you've reused
37. passwords pit our memories against computer brute force; we are going to lose
38. what to do
39. one weird trick to protect your site from all attacks
40. delete it.
41. use two factor for admin; otherwise install bruteprotect and cloak; read wordpress security checklist: getclef.com/wordpress-security-checklist
42. slides | getclef.com/wordpress-security-checklist | getclef.com/cloudflare-webinar