Secure your Online Accounts with Strong Passwords and 2FA

A 2020 survey by “Digital Guardian” reveals that the average person “owns” a few dozen online accounts. They therefore have to maintain these accounts and usually remember numerous passwords for social media, online shopping, financial and email accounts.

Weak Passwords

People often use weak passwords, or even the same password across various platforms for convenience. This is completely wrong: if a single account is compromised, an attacker can use the same password to log in to all of the victim’s accounts. If the target uses a weak password, it makes the attacker’s life easy.

An attacker can easily “guess” a weak password by using brute-force or dictionary attack techniques. Examples of weak passwords:

  • the password is the same as the username
  • the password is made up of your name or surname, or a family member’s name
  • the password is generated from birth dates, pet names, telephone numbers, etc.

Password cracking techniques such as a Brute Force Attack, a Dictionary Attack, or even Social Engineering can be utilized to easily crack such a password.

Strong Passwords

To protect against attackers, users must use strong passwords. A strong password can be a combination of lowercase and uppercase characters, a special character and numbers. Its length should be over 15 characters, if possible.

Passphrases instead of Passwords

A user can use a passphrase in the same way as a password. The longer it is, the better. For instance, the phrase “I believe I can fly!” contains 20 characters, including spaces, and combines uppercase, lowercase and a special character. You can easily change this phrase to “1 believe 1 can fly!” to include numeric values as well, making it a very secure password that is simple to memorize.

Password Length VS Complexity

Jason Fossen states that adding more length is better than adding more complexity. In his spreadsheet, he displays the maximum number of days needed to crack a random passphrase, in relation to the character set used in that passphrase. A password made up of sixteen lowercase characters statistically needs more days to be cracked than an eleven-character password made up of lowercase, uppercase, numbers and symbols. The first one would be much easier to memorize as well. Different passwords should be used for every individual account.
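
The comparison above can be reproduced in PowerShell 3.0 or later. This is an added example, not Fossen's spreadsheet or code from the original article; the guess rate, the sample passwords and the function names are assumptions, and the arithmetic only holds for randomly chosen characters.

```powershell
# Added example: worst-case brute-force time for a RANDOM password.
# Assumption: 1e11 guesses per second (illustrative rate, not from the spreadsheet).
$GuessesPerSecond = [bigint]100000000000

function Get-CharsetSize {
    # Size of the smallest printable-ASCII character set that covers the password.
    param([Parameter(Mandatory = $true)][string]$Password)
    $size = 0
    if ($Password -cmatch '[a-z]')        { $size += 26 }
    if ($Password -cmatch '[A-Z]')        { $size += 26 }
    if ($Password -cmatch '[0-9]')        { $size += 10 }
    if ($Password -cmatch '[^a-zA-Z0-9]') { $size += 33 }  # 32 symbols plus space
    $size
}

function Get-MaxCrackDays {
    # Days needed to try every candidate of the given length and character set.
    param([int]$CharsetSize, [int]$Length)
    $keyspace = [bigint]::Pow($CharsetSize, $Length)
    [pscustomobject]@{
        CharsetSize = $CharsetSize
        Length      = $Length
        Keyspace    = $keyspace
        MaxDays     = [math]::Round([double]$keyspace / [double]$GuessesPerSecond / 86400)
    }
}

function Get-EquivalentLength {
    # Shortest length over a small character set whose keyspace is at least
    # as large as $Length characters drawn from a bigger set.
    param([int]$SmallSet, [int]$BigSet, [int]$Length)
    $target = [bigint]::Pow($BigSet, $Length)
    $n = $Length
    while ([bigint]::Pow($SmallSet, $n) -lt $target) { $n++ }
    $n
}

# The two cases compared in the text (constructed sample passwords).
$lower16 = 'qhzmtxkwpdjrvbna'    # 16 lowercase characters
$mixed11 = 'k7#Qp2!xVd9'         # 11 characters from all four classes
foreach ($p in $lower16, $mixed11) {
    Get-MaxCrackDays -CharsetSize (Get-CharsetSize $p) -Length $p.Length
}

# Lowercase-only length needed to match 11 characters of the full set.
Get-EquivalentLength -SmallSet 26 -BigSet 95 -Length 11
```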

Password Managers

Password managers are the solution to the password memorization problem. KeePass is an open-source, lightweight password manager that can do the job at home and at work as well.

2FA

2FA (Two-Factor Authentication), or MFA, provides an extra layer of protection for your online accounts by involving an extra mechanism for proving the user’s identity. It is not impossible to hack an account with 2FA enabled, but it is extremely difficult. “The Verge” posted an excellent article on how to set up 2FA on your online accounts, which includes guides on enabling 2FA across the most popular platforms, such as Amazon, Google, Microsoft, PayPal, etc. Microsoft states that 2FA can block over 99.9 percent of account compromise attacks.

Analyzing web server (IIS) logfiles with logparser

A useful tool for analysing IIS log files is Log Parser, a versatile tool that provides universal query access to text-based data such as log files.

Below are a few examples of Log Parser commands.

Number of hits by an IP address, sorted by number of hits, descending.

logparser "select c-ip, count(c-ip) FROM '1.log' group by c-ip order by count(c-ip) DESC"

Number of hits by an IP address, sorted by number of hits, descending, with output to a file.

logparser "select c-ip, count(c-ip) INTO results.txt FROM '1.log' group by c-ip order by count(c-ip) DESC"

Traffic generated by an IP, sorted by number of requests

logparser "select c-ip, count(c-ip) as requestcount FROM '1.log' group by c-ip order by count(c-ip) DESC"

Number of requests per hour from a single IP address

logparser "select TO_LOCALTIME(QUANTIZE(TO_TIMESTAMP(date, time), 3600)), count(*) as numberrequests from 'L:\tmp\lll\191\u_ex151110.log' where c-ip='23.253.238.9' group by TO_LOCALTIME(QUANTIZE(TO_TIMESTAMP(date,time), 3600))"
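
The same two views (hits per client IP, and requests per hour for one client) can be produced on a host without Log Parser. This is an added PowerShell 3.0+ example, not part of the original article; the function names and the embedded log lines are constructed for illustration.

```powershell
# Added example. Constructed sample in IIS W3C format (documentation IP ranges).
$sample = @'
#Software: Microsoft Internet Information Services 8.5
#Fields: date time cs-method cs-uri-stem c-ip sc-status
2015-11-10 09:05:11 GET /index.html 198.51.100.7 200
2015-11-10 09:17:42 POST /login.aspx 203.0.113.50 401
2015-11-10 09:17:43 POST /login.aspx 203.0.113.50 401
2015-11-10 10:02:09 POST /login.aspx 203.0.113.50 401
2015-11-10 10:30:00 GET /about.html 198.51.100.7 200
'@ -split '\r?\n'

function ConvertFrom-IisLog {
    # Turns log lines into objects whose properties are named after the #Fields header.
    param([string[]]$Line)
    $fields = @()
    foreach ($l in $Line) {
        if ($l -match '^#Fields:\s*(.+)$') {
            # IIS writes the header again after a restart or a logging change.
            $fields = $Matches[1].Trim() -split '\s+'
        } elseif ($l -notmatch '^(#|\s*$)' -and $fields.Count) {
            $values = $l.Trim() -split ' '
            $row = [ordered]@{}
            for ($i = 0; $i -lt $fields.Count; $i++) { $row[$fields[$i]] = $values[$i] }
            [pscustomobject]$row
        }
    }
}

function Get-HourlyRequest {
    # Requests per hour for one client: quantize the UTC timestamp, then show local time.
    param([object[]]$Row, [string]$ClientIp)
    $styles = [System.Globalization.DateTimeStyles]'AssumeUniversal, AdjustToUniversal'
    $Row | Where-Object { $_.'c-ip' -eq $ClientIp } | Group-Object {
        $t = [datetime]::ParseExact("$($_.date) $($_.time)", 'yyyy-MM-dd HH:mm:ss',
                 [cultureinfo]::InvariantCulture, $styles)
        $t.Date.AddHours($t.Hour).ToLocalTime().ToString('yyyy-MM-dd HH:mm')
    } | Select-Object @{ n = 'Hour'; e = { $_.Name } }, Count
}

$rows = ConvertFrom-IisLog -Line $sample

# Hits per client IP, busiest first.
$rows | Group-Object 'c-ip' | Sort-Object Count -Descending | Select-Object Name, Count

# Hourly profile of the busiest client.
Get-HourlyRequest -Row $rows -ClientIp '203.0.113.50'
```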

Disable SMBv1 with PowerShell

One will need to disable SMBv1 all over the network, and an easy way of doing it is using PowerShell.

If you are getting rid of SMBv1 and you haven’t read my previous article, Disable SMBv1 with Group Policy, please check it out, especially if you want to disable SMBv1 on an entire domain.

You will need PowerShell 2.0 or later for the following commands, and you must restart your machine after running them. You will need to run the commands for both Disable SMBv1 – Server and Disable SMBv1 – Client, on both Windows Server and client editions. Always have a backup before changing anything. At the bottom of the article you will find the commands to enable it again, in case something breaks. As I mentioned in my previous article, if you are still running Windows XP / Server 2003 in your network, don’t do it, because these old and expired versions of Windows do not support anything above SMBv1. In case you are wondering if

Disable SMBv1 – Server

Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters" SMB1 -Type DWORD -Value 0 -Force

Disable SMBv1 – Client

  • For Microsoft Windows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2, Windows 8 and Windows Server 2012:

sc.exe config lanmanworkstation depend= bowser/mrxsmb20/nsi  #not needed for Windows 8.1 and Windows 2012 R2
sc.exe config mrxsmb10 start= disabled

  • For Windows 8.1 and Windows Server 2012 R2:

sc.exe config mrxsmb10 start= disabled

On Windows Server 2016 and Windows 10 you can completely uninstall SMBv1 support, with the following PowerShell commands:

Remove-WindowsFeature -Name FS-SMB1 #Remove SMBv1 Server support
Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol #Remove SMBv1 Client Support

On Windows 8.1 and Windows Server 2012 R2 you can run the following PowerShell cmdlet to check the server configuration and see which SMB versions are enabled or disabled, and more:

Get-SmbServerConfiguration

Read more about how to disable or enable any SMB version at How to enable and disable SMBv1, SMBv2, and SMBv3 in Windows and Windows Server
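
To confirm what the commands above actually changed, the settings they write can be read back. This is an added, read-only example that is not part of the original article; the function name Get-Smb1State is hypothetical, and it avoids newer syntax so that it also runs on PowerShell 2.0.

```powershell
# Added example: read-only check of the settings changed by the commands above.
# The registry shows the configured state; it takes effect after the restart.
function Get-Smb1State {
    $svc = 'HKLM:\SYSTEM\CurrentControlSet\Services'

    # Server side: a missing SMB1 value means the OS default is in effect.
    $p = Get-ItemProperty -Path "$svc\LanmanServer\Parameters" -ErrorAction SilentlyContinue
    $server = 'Not set (OS default)'
    if ($p -and $null -ne $p.SMB1) {
        $server = if ($p.SMB1 -eq 0) { 'Disabled' } else { 'Enabled' }
    }

    # Client side: Start = 4 is what "sc.exe config mrxsmb10 start= disabled" writes.
    $d = Get-ItemProperty -Path "$svc\mrxsmb10" -ErrorAction SilentlyContinue
    $client = 'Service key not present'
    if ($d) {
        $client = if ($d.Start -eq 4) { 'Disabled' } else { "Enabled (Start=$($d.Start))" }
    }

    # LanmanWorkstation should no longer list the SMBv1 driver as a dependency.
    $w = Get-ItemProperty -Path "$svc\LanmanWorkstation" -ErrorAction SilentlyContinue
    $dependsOnSmb1 = @($w.DependOnService) -contains 'mrxsmb10'

    # Where the SMB cmdlets exist, also report the value from Get-SmbServerConfiguration.
    $cmdlet = 'n/a'
    if (Get-Command Get-SmbServerConfiguration -ErrorAction SilentlyContinue) {
        $cfg = Get-SmbServerConfiguration -ErrorAction SilentlyContinue
        if ($cfg) { $cmdlet = $cfg.EnableSMB1Protocol }
    }

    New-Object PSObject -Property @{
        Computer                 = $env:COMPUTERNAME
        ServerSMB1Registry       = $server
        ServerEnableSMB1Protocol = $cmdlet
        ClientDriverMrxsmb10     = $client
        WorkstationDependsOnSMB1 = $dependsOnSmb1
    }
}

Get-Smb1State | Format-List
```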

To re-enable SMBv1 in case something broke after the previous commands:

SMBv1 – Server

Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters" SMB1 -Type DWORD -Value 1 -Force

SMBv1 – Client

sc.exe config lanmanworkstation depend= bowser/mrxsmb10/mrxsmb20/nsi  #no need to run this for Windows 8.1 and Windows Server 2012 R2
sc.exe config mrxsmb10 start= auto