editione1.0.0
Updated October 9, 2023You are going to see the phrases “unique passwords” and “two-factor authentication” so much in this book that you will start dreaming about security. It is probably no surprise that protecting the accounts used to manage your domain, servers, and website content are important. Attackers often break into unsecure websites by simply guessing passwords, re-using leaked or stolen passwords, or brute-forcing their way in. You already know the best defense against this is a unique password for each account, and adding a second authentication step in case that password is lost.
This is a case where having a team password manager can come in handy. You might be getting help from others on the team to manage your website. Most of the time, website management accounts only allow you to have a single user, or in some rare cases they may charge you per user.
True, sharing accounts can be risky. But when it comes to setting up a website, you might not be using those accounts all the time. Sharing a single account is a great way to save cash. The safe way to navigate this is to create a unique password, and store it in a shared folder or vault in your password manager. If you picked a good password manager, you can also use the 2FA that is built into your password manager. So you can keep your account secured, and also get help from others in managing it.
The next step of protecting your website is to turn on automatic operating system and software updates that will both prevent attacks and also help you recover in case something goes wrong. While there is the risk of an update causing a bug or issue, it is one less thing you have to think about or make time to do. For most websites that lack technical complexity, automatic updates are pretty low risk—unlike an unpatched website software that is relatively high risk.
Your website and its content is simply made up of many lines of code. More often than not, that code is not perfect. Think about it like building a fence. Anyone can go down to the hardware store and get wooden planks and make a fence. You don’t have to be a builder to do it, you just need some tools and have an idea of what you are trying to make. After making a fence, you need to maintain it. Maybe you built it to a certain height, but now there is a new neighborhood dog (or threat) that can jump it (or bypass the security of the fence). Or maybe the weather has taken its toll and over time the fence has fallen apart and caused gaps to show up.
The software you use to build your website is the same as the fence. You have to keep the software up to date to manage any new security holes that are found and also to maintain the code base it is built on. Updates for you are less about the flash new features, and more about maintaining security.