Hacking Attempts Are on the Rise
The IndieCommerce team has recently seen a sharp increase in attempted hacking activities directed specifically at store administrator accounts. The consequences of a hacker logging into an administrator account on your IndieCommerce or IndieLite site can be dire. To address this threat, we will be implementing mandatory password changes and a number of character requirements for all store administrators beginning in early September 2019. At that time, we will begin to notify stores that they need to make the required changes to their passwords; all administrators will need to change their password. 

Why Are We Making These Changes?
A hacked account can expose you to direct and obvious damage such as defacement of your site, redirecting visitors to malicious websites, costing you valuable time, hurting your company’s reputation, or exposing customers to malware. Your business could also be damaged by hackers inserting malicious code into your site to harvest customers’ user information, passwords, and credit card data on an ongoing basis. Here are a few ideas for you to consider when the new requirements are rolled out this September.

Don’t Reuse Passwords
Don’t use the password on your store website anywhere else. This is commonly known as password reuse, and hackers know that people do this. Dozens of large sites have been hacked in recent years, and bad actors have made off with the email addresses and passwords of millions of users. This makes it incredibly important to use a different password on your store’s website from anywhere else.

Create Strong & Unique Passwords
If you don’t work from a shared computer, you can use a password manager such as Lastpass or Dashlane to help you remember your strong and unique passwords. Here are a few tips for creating passwords that are hard for a bad actor to guess: 

1. Length: longer passwords are inherently stronger. 
2. Complexity: use a mix of lowercase letters, uppercase letters, numbers, and special characters. 
3. Avoid using dictionary words. 
4. Avoid names of family members, pets, and friends. 
5. Avoid city names or landmarks, such as rivers, etc. 
6. Don’t use obvious letter-to-number substitutions, such as ‘E’ for ‘3.’ 

Quick tip: A good start for creating a memorable password is to take the first letter of each word in a favorite quote. 

Please keep these suggestions in mind for the mandatory password changes we’ll be rolling out in September 2019. You can change your password now, but you will need to change it again when we contact you in September. If you have questions, don’t hesitate to email us at [email protected].

For past editions of IndieCommunication, visit this page.