Page 2 of 2

Re: HTTPS subdomain to HTTPS domain

Posted: Wed May 26, 2021 1:41 pm
by 0verzeal0us
I wouldn't use WP but again, I'm cheap and £1 for a domain with hosting is good value.

I could host a non-WP site myself but I'm not keen on poking holes (even VPNs) in my home network if I don't have to. You'll be pleased to hear that I have a single user with a 72-character password with MFA. The user is also NOT administrator.

Re: HTTPS subdomain to HTTPS domain

Posted: Fri May 28, 2021 6:28 am
by darkdeamon
That's more paranoid than me.
I hold the 365 global admin account at work and that's a 32 character passphrase plus MFA (I can remember it and don't store in my password manager 😜🤣)
My Google Auth app has over 40 authenticators and I have an encrypted password protected folder with all the backup codes

Re: HTTPS subdomain to HTTPS domain

Posted: Fri May 28, 2021 8:40 pm
by 0verzeal0us
Well someone is trying to log in so I thought I’d fuck them off by giving them the most ridiculous password ever!

Re: HTTPS subdomain to HTTPS domain

Posted: Sat May 29, 2021 2:18 pm
by darkdeamon
We are running hybrid 365 and still have a few hundred users running on the on-premise that are either awaiting migration (1 company left but they are a problem child) or the companies are winding up so there's no point migrating them.
We are seeing anything between 500-4000 brute force attempts per day against the remaining accounts. It's crazy!
As for the 365, we're having to roll out MFA to protect the users accounts which is going down like a case of the shits in a crowded lift!

Re: HTTPS subdomain to HTTPS domain

Posted: Sat May 29, 2021 5:23 pm
by 0verzeal0us
We use Duo for remote desktop (just because you only have to sign in once) but then we haven't migrated many users into Azure AD. When we do, we'll use Microsoft Authenticator. Our insurers have said we need to have Duo for our admin accounts which is fine except they insist that we use it whilst on prem too.