Password changeing and other cleanup

We’re hidding towards the end of the year and there has to be some leanup to be done, here on the blog and on other places 😉

Talking about changeing passwords we should recall shortly what is recommend for quite safe passwords:

• at least 8-12 characters mixed with capital letters adn added by the some special characters
• choose a different password for every account
• change your passwords regularly
• Choose a user with very low privileges to the system

Maybe you probably know from older post here on this blog i use the KeyPass password safe for quite a long time now, because keeping different passwords for every account is pretty hard. Since Key pass is available for Windows and Android systems the app fit my needs.

Passwords can be generated with different lenght, like 128- or 256-bit lenght, additionally you include or exclude certain characters or nummbers if you like. With this setting up new passwords for your accounts is pretty easy.

In the older blog post i already mention the 2 factor authentification, which offers additional security by a second token normally a PIN code, which is send via EMail or SMS. Meanwhile there has been some development, and i installed the  Google Authenticator Plugin for securing the admin logins of my blogs. Securing the admin accounts for your blogs only can also be done with a  .htaccess file, adding an additionla login for the admin user.

To activa a 2-factor login the plugin presents a QR-code for scanning with the app. A lot of apps generate backup codes which should be stored in a safe place, just in case you don’t have access to your smartphone.

The screenshot shows the safeguarding with  DropBox, but of course this works with Google or  WordPress.com and many other services.  Twitter only depends on sending the additional code via SMS. Most of the applications offer setups to avoid asking for the additional pin code on secure and trustworthy devices, like your desktop pc.  So additional security is easy to handle and its even possbile to risk a admin login from a pc in a internet cafe or your hotel, because the additional code is valid for a certain time only, but don’t forget to log off on these systems 😉

I been using ownCloud for a while now, but ownCloud disadvantage is the update to the next version with a browser simple doesn’t work ad lead into a complet re-install in one case. So i decided to switch to the sister project  NextCloud . Migration to the most recent version could be easily done. The most recent version 10.0.2 had one problem only, they check the inernal version numbber against the  config.php file. After changeing the version number in this file the update process worked out without any problems.

NextCloud emerged from a ownCloud fork and so far both systems don’t differ that much, so so far i didn’t have any problems. We just have to wait and see how the upgrade to version 11 works out. And Nextcloud supports 2 factor-authtentification out of the box 😉

Maybe i decide to switch to hardware token for my logins like  NitroKey.

We’re almost with the cleanup.  all-inkl.com informed me that older and not supported  PHP versions will be cut off in the near future. PHP is a very powerful script language and is running on a lot of servers on the internet. So i switched my blogs oto PHP version 7, only one plugin did make a little bit of trouble, so i deactivated the plugin.

This was my cleanup for the end of the year.

There will be no last week review 51 because of Christmas, so all there is to wish to you, your families and your friends is a

ciao tuxoche