DuoSecurity Archives - LuxSci FYI Blog: Learn about HIPAA email encryption, secure email encryption, and more
LUXSCI

Posts Tagged ‘DuoSecurity’

Securing WordPress. Protect your Site or Blog from Escalating Attacks!

Thursday, July 11th, 2013
For a deep dive, see our white paper: Securing WordPress

WordPress is used by about 15% of the top 1 million web sites on the web and manages about 22% of all web sites as of August 2011.  It has only been growing since then.  Indeed, a large fraction of our hosting clients use WordPress, as does LuxSci for many different applications (e.g. blog, server status, video blog, etc.).

Unfortunately, WordPress has a history of being attacked, having significant security vulnerabilities, and being a source of security pain for web site administrators.

Things have gotten markedly worse recently:

  1. Botnet Attack: WordPress sites all across the Internet are being attacked by a botnet that is attempting to guess administrative and user credentials by brute force. This is compromising sites and causing significant load on web hosting servers. This attack is “light” now, but is expected to only get worse, says CloudFlare, a cloud security firm. Indeed, LuxSci.com sees these attacks constantly on all WordPress sites that we host. We have measures in place to auto-block IP addresses that appear to be attacking WordPress sites; however, as the attack is coming from more than 90,000 different, unrelated IP addresses, they are hard to block outside of WordPress itself (see below for how to block them). These attacks are going after “wp-login.php” and the user name “admin”, trying the most common 1000 or so passwords. Besides that, the sheer burden of the massive, if simple, attack is straining web hosting servers across providers.
  2. Vulnerabilities: Most problems with compromised WordPress sites arise due to vulnerabilities in the WordPress software or installed plugins. Vulnerabilities are continuously found and corrected, and new versions of the software are released. However, the vast majority of WordPress sites do not update their software, or seldom update. Attackers troll the Internet looking for outdated WordPress installs and then attack them with known vulnerabilities to gain control over these sites. With more and more WordPress sites out there, there are more and more sites that are not keeping abreast of security updates. They are ripe for the picking.

In this article, we discuss the best practices for securing your WordPress site. WordPress is a great tool if used properly.


Protect your LuxSci Account with Two-Factor Authentication and Other Barriers

Thursday, May 23rd, 2013

Two-Factor Authentication (supposedly patented by Kim DotCom), using a password plus “something else” to gain access to your account and to prevent lost, stolen, or guessed passwords from impacting you, is finally becoming fashionable.

First, it was a cool idea, then some places such as LuxSci started supporting it, but it was rarely used due to people not wanting to bother with an extra step to log in to their accounts. Now, with Twitter adding 2-factor authentication to help stem the tide of account compromises, security is fashionable.

This turnabout is really fantastic, as it brings security consciousness much more into the mainstream, so much so that popular radio hosts are talking on the air about how to secure accounts. This can only be good for the adoption of better security practices overall and a decrease in compromises due to laziness … and in cases like HIPAA, laziness can be a terrible thing.

In this post, we’ll go over how to secure your LuxSci account against intrusion using Two-Factor authentication and other methods.


DuoSecurity Two-Factor Authentication for LuxSci Mobile Site

Monday, March 26th, 2012

LuxSci’s Mobile Site provides fast, convenient, simplified, and secure access to LuxSci user email, WebAides, support, documentation, and more.

Mobile Site now supports the use of advanced Two-Factor authentication via LuxSci’s integration with DuoSecurity. DuoSecurity Two-Factor authentication is very slick and offers features beyond LuxSci’s basic Two-Factor option of sending a token to your phone or alternate email address on each login attempt.

Read more about DuoSecurity: Advanced Two-Factor Logins for LuxSci’s Web Interface.

DuoSecurity: Advanced Two-Factor Login for LuxSci’s Web Interface

Friday, December 30th, 2011

Two-Factor logins require users to:

  1. Enter their username and password properly (the 1st factor).
  2. Authenticate a second way (e.g. by entering a code delivered to their mobile phones).

Use of two-factor authentication ensures that even if a user’s password is discovered, guessed, or captured, a malicious user still cannot gain access to the user’s account … at least not without also having access to the second factor.

Two-factor authentication significantly enhances the security of any system:

  • LuxSci staff use it for all administrative actions both through our web interface and at the server command line.
  • It is required for PCI compliance.
  • It is good for HIPAA compliance.

LuxSci has long offered a simple and effective Two-factor option for its web interface. Now, LuxSci also supports DuoSecurity Two-Factor authentication with its web interface. This option provides many advanced user and administration features and is very cost-effective (usually free) for small organizations.