undefined | Better HN

0 pointsTonyTrapp1y ago0 comments

Can you please elaborate how it is "asking for it" if we assume the basic auth password is reasonably complex and kept as safe as, say, the SSH login credentials of the same server?

0 comments

3 comments · 3 top-level

cbg01y ago

You shouldn't be logging in to a server via SSH using a user+password combo, instead use a public/private key combo which is considerably more complex and can't effectively be bruteforced like a user+password.

Most web servers don't really come with any built in defense against brute force attempts vs Basic Auth gates, so unless you've set something up to protect it, someone with enough time will eventually get in.

4 more replies

ceejayoz1y ago

I haven’t used it for many years now, but phpMyAdmin was long a source of compromises. Lots of security holes.

1 more reply

udev40961y ago

A password is just plain text, which apart from being bruteforced, can easily be phished. There are so many things wrong with using a password even if it's fairly complex. Instead, stick to passkeys and SSH keys

j / k navigate · click thread line to collapse