Open or Closed?
The level of welcome we offer on our websites is always an interesting discussion that quickly boils down to our basic beliefs around security. This week I've been particularly reminded of this as I've been installing security software and SSL certificates on a number of the sites that I've built and manage for clients.
Now, the US Administration aside, it's become quite clear to me that websites and servers are pretty much under constant attack. My home church recently recorded our 20,000th unauthorized access attempt. Happily, in the 3.5 years since we built the new website, none of those attempts has been successful.
Why, you will ask, would anyone want to compromise a local church website in my part of the urban landscape? There are the malicious reasons that are particularly anti-faith - to post information, materials or images that are contrary to the church's belief. There are also malicious reasons that have no particular axe to grind on the belief front - the attackers are after our resources: not money, but servers (the computers that hold the website information and connect the website to the internet).
A compromised website can quickly lead to a compromised server and a compromised server can just as quickly become the tool for malicious attacks against much more lucrative targets than the local church.
A compromised website can quickly become a cyber attack...
You may remember this past fall, when the company called Dyn was attacked and a number of well-known websites like AirBnB®, CNN®, and Twitter® were shut down as a result. That attack came about because wireless-enabled baby monitors, cameras, and printers had no security applied and were open to being compromised.
Church websites are not much different. In many cases, simple passwords and standard common usernames are employed for reasons of convenience or because they are easily remembered.
Those are not good reasons.
Remember that compromised church websites are really tools to be used to achieve other purposes. So if we were to create more complex passwords and usernames, the bulk of attackers would move on to other sites that haven't taken these simple precautions. Why? Because more time spent trying to get into your site means less time available to do damage to the attacker's real target.
Password Guidelines
Good
- Long passwords: More characters = more secure
- Complex: Greater diversity = greater security
- Mixed Characters: Different cases, symbols, numbers = better security
Not Good
- Short
- Simple
- Similar Characters