
New Password Policy

27 November 2017

A lot of you will be familiar with a password policy that involves:

  • a minimum number of characters;
  • at least one lowercase character;
  • at least one UPPERCASE character;
  • at least one number; and
  • a special character, for good luck.

What you may not know is that this was never a good policy and that its implementation has resulted in a cornucopia of easily cracked passwords.

In implementing a new policy, we found that most of the vulnerable passwords in our system take the form:

  • Donald123!
  • Password01
  • Star1234

The issue here is not that someone can 'guess' your login. That is unlikely as we allow only a small number of tries before blocking an IP address from further attempts.

The issue is that if the password hashes we store are ever exposed, a simple brute-force attack on those hashes will give attackers working email address and password combinations, which they can then try on other systems.

In recent years there have been any number of high-profile hacks/leaks, from Yahoo and LinkedIn to MySpace and Dropbox, with millions of user accounts exposed.

To get ahead of the problem, our new password policy uses open source libraries to validate and measure the strength of a password, rejecting low-quality passwords and giving the user feedback in the form of a password strength score from 1 to 100.

Because these libraries are open source, they are updated over time to counter emerging weak-password patterns.

So what makes a good password?

  • a sequence of words, with spaces;
  • the first letters of words from your favourite song or quote;
  • a completely random string of 10-12 characters;
  • using a password manager.
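To make the contrast concrete, here is an added example (not Chirp's code, nor the open source libraries the policy uses) that implements the old composition rules beside a simplified pattern-based strength estimator. The dictionary size, the 80-bit ceiling and the reject threshold are assumptions chosen for illustration; a real library models far more patterns, but even this crude version shows why "Donald123!" satisfies every composition rule yet scores low, while a spaced passphrase fails the old rules and scores high.

```python
import math
import re

# Constructed assumptions for this example, not values from the post or its libraries.
WORDLIST_SIZE = 30_000   # dictionary an offline cracker is assumed to try before anything else
REJECT_BELOW = 50        # scores under this are refused at registration / password change


def passes_composition_rules(pw: str, min_len: int = 8) -> bool:
    """The old policy from the post: minimum length plus one of each character class."""
    return (len(pw) >= min_len
            and bool(re.search(r"[a-z]", pw))
            and bool(re.search(r"[A-Z]", pw))
            and bool(re.search(r"[0-9]", pw))
            and bool(re.search(r"[^A-Za-z0-9]", pw)))


def guess_bits(pw: str) -> float:
    """Conservative estimate of log2(guesses) an offline cracker needs.

    The password is split into runs of letters, digits, whitespace and symbols.
    A letter run is never worth more than one dictionary lookup (WORDLIST_SIZE
    guesses, plus one bit for the capitalisation choice), digits and symbols are
    valued per character, and whitespace is a free separator. Hypothetical model.
    """
    bits = 0.0
    for run in re.findall(r"[A-Za-z]+|\d+|\s+|[^A-Za-z\d\s]+", pw):
        if run.isalpha():
            bits += min(len(run) * math.log2(26), math.log2(WORDLIST_SIZE))
            bits += 1 if any(c.isupper() for c in run) else 0
        elif run.isdigit():
            bits += len(run) * math.log2(10)
        elif run.isspace():
            continue                                  # "word word word": spaces cost nothing
        else:
            bits += len(run) * math.log2(32)          # roughly 32 printable symbols
    return bits


def strength_score(pw: str) -> int:
    """Map estimated bits onto the 1-100 score the post describes; 80 bits saturates."""
    return max(1, min(100, round(guess_bits(pw) * 100 / 80)))


def accept(pw: str) -> bool:
    """New policy: reject on the pattern-based score, not on character classes."""
    return strength_score(pw) >= REJECT_BELOW


if __name__ == "__main__":
    for pw in ["Donald123!", "Password01", "Star1234", "river lantern quiet marble", "gK7#pL2qW9xz"]:
        print(f"{pw!r:30} old={passes_composition_rules(pw)!s:5} score={strength_score(pw):3} accept={accept(pw)}")
```

Running it shows the post's three weak examples all scoring in the 20s and 30s, while the passphrase (which the old rules would have rejected for lacking digits and uppercase) and the random 12-character string both clear the threshold.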

For more information on what constitutes a good (or bad) password policy, please refer to the link below.
