Is GoDaddy Safe???
How to tell if any site is absolutely unsafe to trust
Another seemingly trustworthy site is in the news today. GoDaddy has been hacked. If you currently host, or ever hosted, a website there, should you be worried?
If they’d hired any responsible person with only thirty minutes of training in web security, and put that person in charge of running their server security operations, you probably wouldn’t have anything to worry about.
Why? Because the first thing you learn about server/database security is that you never, ever, ever store passwords as plain-text fields.
What is Plain-Text?
“Plain text” means directly readable, just like these words you’re reading now.
It wouldn’t matter much if your password was 12345 or %Y9<tsO$5! – if it’s showing up as plain text, anyone could just copy/paste your password.
Even everyday content management systems such as WordPress default to one-way encryption (hashing) for passwords. That means that not even the server administrator has the ability to decipher your password.
Even if you don’t reuse passwords (but I’ll bet that you do!), seeing just one password can give a dedicated hacker enough clues to eventually guess another password.
Once into your email account, they can request a “lost password” to take control of your online banking or shopping accounts, etc.
Storing passwords as plain text would be like a bank storing your cash on open shelves, available to the public!
How To Tell
How can you tell if a site is not properly encrypting your passwords? If it won’t accept any length and any combination of symbols, etc. – then it’s likely not using a safe encryption method.
You see, modern password encryption formulas allow unlimited lengths and absolutely ANY combination that you can type from your keyboard. You should be able to type the entire collection of Shakespeare’s works, if you like.
Do not trust any organization that doesn’t allow such passwords.
But how would you keep up with long, random passwords?
It seems that every major password storage site has been hacked multiple times. But there’s no way the average human can memorize dozens of long random passwords – let alone a 75-year-old semi-retired web developer like me!
The solution would be a password site that does not store passwords – that way there is no database that can be hacked.
But how would it store your passwords? Answer: It would NOT store your passwords. It would COMPUTE your passwords from your “key”.
Which Password Site is Safe?
I created Password-Machine.com for my family to use after a couple of relatives got hacked. The way it works is you have just one “key” for all your passwords. Your key can be any word or string of random characters that is short enough for you to remember.
I decided to make it freely available to the public, since there’s a huge need.
You enter your key in the first input field and the site you want the password for in the second field. Then you press the button and “presto”! You now have a safe, 15-character, random password just for that one site, that you can copy/paste into a login form.
You can use the same key for every site, so that you don’t have to memorize a bunch of passwords.
Nothing about you gets stored on Password-Machine.com. In fact, there is no database or file storage at all! Nothing to be hacked.
Even if a hacker somehow got the code files, it wouldn’t help them to hack you unless they knew your key and how you entered each site. For instance, do you include the “.com” part or not? Do you capitalize the site’s first letter or not? Do you add the first character of each site to your key? Etc.
Besides, how would they even know that you’re using password-machine.com?
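To make the "compute, don't store" idea concrete, here is an added example that is not Password-Machine.com's code (the page does not describe its algorithm). It assumes PBKDF2-HMAC-SHA256 with the site name as salt, a 75-character alphabet, and a hypothetical function name `derive_password`.

```python
import hashlib
import string

# Assumptions: the alphabet, PBKDF2-HMAC-SHA256 and its work factor are choices
# made for this example; the page does not describe the site's own algorithm.
ALPHABET = string.ascii_letters + string.digits + "!#$%&*+-=?@^_"
LENGTH = 15            # the article's stated password length
ITERATIONS = 600_000   # slow on purpose: each guess at the key costs this much


def derive_password(key: str, site: str, iterations: int = ITERATIONS) -> str:
    """Compute (never store) the password for one site from one memorised key."""
    # The site label acts as the salt, so each site gets an unrelated password.
    seed = hashlib.pbkdf2_hmac(
        "sha256", key.encode("utf-8"), site.encode("utf-8"), iterations
    )
    # Bytes at or above `limit` are skipped (rejection sampling) so that every
    # character of ALPHABET is equally likely; plain `% len` would be biased.
    limit = 256 - (256 % len(ALPHABET))
    n = 64
    while True:
        # SHAKE-256 is an extendable-output function: asking for more bytes
        # only appends to the same stream, so the result stays deterministic.
        stream = hashlib.shake_256(seed).digest(n)
        chars = [ALPHABET[b % len(ALPHABET)] for b in stream if b < limit]
        if len(chars) >= LENGTH:
            return "".join(chars[:LENGTH])
        n *= 2


if __name__ == "__main__":
    key = "constructed-demo-key"   # constructed sample key, not a real secret
    # The same site typed three ways yields three unrelated passwords, which is
    # why you must enter a site identically every time.
    for site in ("example.com", "Example.com", "example"):
        print(f"{site:12} -> {derive_password(key, site)}")
```

Because nothing is stored, the key is the only secret: anyone who obtains one generated password and knows the algorithm can test guesses at the key offline, so the key's strength and the work factor both matter.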
Password-Machine is a great tip, but if you get nothing else out of this article, do remember that any site that restricts what you can use for a password (besides minimum length) is probably not safe.