Author: Edward Thomson

Creating better passwords

TL;DR: use a password manager.

Allow me to suggest Password Safe (https://pwsafe.org/). Forgive the lack of design on that website, but the product is free and was created by security expert and cryptographer Bruce Schneier.

Password Memes

Everyone has undoubtedly seen the memes that illustrate our common frustrations in picking a password for a new account. A new website has gone live and everyone is racing to join it and try out the new service. There is a large fear of missing out (aka #FOMO), but you may need to pick a username that hasn’t already been taken. John1 has likely been taken even if you’re an early bird, but in the case where you just have to use your email address as your username there is always the dreaded next step of choosing a password. We scratch our heads and feel the sensation of guilt when our brain falls into the groove of recalling our favourite password.

[Image: password meme. Caption: The struggle…]

I will outline the usual problems with password creation and storage, and then make the case for password managing software. My aim is not to complain about bad behaviour nor chastise anyone for having a weak password. We’ve all been there. I’ve even typed passwords into group chats: “MyCompany789!$”. Oops! I’ve had a few moments of embarrassment while I frantically change a terrible password that I shared with everyone.

This is a non-technical article and should be readable without any specialist knowledge! It is intended for everyone, to help improve real-world security for people in their personal and professional lives.

Setting up a secure Linux web server

Goal: by the end of this guide you should have a reasonably secure Linux web server.

Part of the reason I set this up was to improve my understanding of creating a secure website. I know how to assess a website for security problems but I didn’t have as much practical knowledge on the implementation side. As I worked through various online guides and books I decided that it made sense to document what I was doing and then share it here.

I could have just created a static website made purely from HTML and congratulated myself on having a secure server, but there are almost no real-world scenarios where this is useful. Most people want a feature- and content-rich website which is also secure.

Many of the principles apply equally well to Microsoft IIS servers, but from my own personal perspective going the Linux route is easier.

[Image: secure server. Caption: Securing a server]

[Currently a work in progress]