It’s no longer breaking news. It happens every day. I personally have never had one of my sites or my clients’ sites hacked. But I try to stay on top of the latest technologies and methods of hacking into SQL-based websites and try to prevent anything from happening.

However, there is a very fine line between being annoying and being prepared. What are you willing to sacrifice? I usually have to sit down on a regular basis and explain to my clients:

“Would you rather have your website hacked and defaced and possibly blacklisted by Google or use your convenient password name1232?”

Or something to that effect.

So I think I’ve decided to begin enabling 2-factor authentication for all my sites & client sites (likely Google authentication or Duo-Security). Or at the very least, I’ll start with accounts that contain administrative roles. But in the hacking community, all you need is a low-level login to get you started…

So I will eventually get everyone switched over to 2-factor. If a client says they do not want the 2-factor, then I’m going to start having them sign a waiver that they understand the risks. I realize that 2-factor authentication isn’t an end-all-be-all, but it’s a start.

Featured Image courtesy of pixelcreatures