Microsoft Office Tutorials and References
In Depth Information
This may seem obvious, but password security is commonly overlooked by many
people. Your Drupal password gives access to the administration area of Drupal,
which could allow someone who obtained it to completely destroy the store as well
as obtain and potentially abuse customer data.
Weak passwords can either be guessed or obtained by "dictionary attacks" on a user
account; dictionary attacks are an automated process where a computer program
tries words from a dictionary list in the hope that one of them is the password. We
took steps to prevent this by installing the Login Security module; however, that
does not mean we can safely use weak passwords.

What makes a strong password?

- A mixture of letters and numbers
- Use of special characters, e.g. @, /, \
- Being at least eight characters in length
- Being unique (don't use the same password for multiple things)
- If it includes a word, the word should be spelled wrong (don't use the word itself as the password)
- Not containing personal information such as names or dates of birth

You might find substituting certain letters with numbers a good way to start
introducing numbers into your password, but try to follow most of the points above
to arrive at a secure password!
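
The checklist above, written as a checker that could run whenever an account password is chosen. This is an added example, not code from Drupal or the Login Security module; the function name, its parameters, and the small word list are assumptions made for illustration.

```python
import re

# Constructed sample word list; a real check would load a full dictionary file.
SAMPLE_WORDS = {"password", "drupal", "store", "welcome", "monkey", "dragon"}


def password_problems(password, personal_info=(), used_elsewhere=(),
                      words=SAMPLE_WORDS):
    """Return the checklist points that `password` fails (empty list = passes).

    personal_info: strings such as the user's name or date of birth.
    used_elsewhere: passwords the user already uses for other things.
    Both parameters are assumptions of this example.
    """
    problems = []
    lowered = password.lower()

    if len(password) < 8:
        problems.append("shorter than eight characters")
    if not (re.search(r"[A-Za-z]", password) and re.search(r"\d", password)):
        problems.append("no mixture of letters and numbers")
    if not re.search(r"[^A-Za-z0-9\s]", password):
        problems.append("no special characters")
    if password in used_elsewhere:
        problems.append("already used for something else")

    # A dictionary attack tries correctly spelled words, so any word that
    # appears unaltered inside the password counts against it.
    if any(word in lowered for word in words):
        problems.append("contains a correctly spelled dictionary word")

    # Split names and dates into tokens ("1984-03-12" -> "1984", "03", "12")
    # and ignore very short tokens, which would match by accident.
    tokens = [t for item in personal_info
              for t in re.findall(r"[a-z0-9]+", item.lower()) if len(t) >= 3]
    if any(token in lowered for token in tokens):
        problems.append("contains personal information")

    return problems


if __name__ == "__main__":
    owner = ("Alice Example", "1984-03-12")  # constructed sample data
    for candidate in ("password", "alice1984", "Dr00pel@Sh0p!9"):
        print(candidate, "->", password_problems(candidate, owner) or "ok")
```
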
As well as being aware of phishing yourself, it might be a good idea to promote
understanding of phishing with emails sent out by your Drupal e-Commerce store.
A number of large online retailers provide advice in their emails, informing
customers that their staff will never ask for specific pieces of information and that,
if they are unsure whether the links in an email are valid, they should go to the
homepage directly and navigate to the appropriate section.
With Drupal e-Commerce's email system it is very easy to add such notes to the ends
of emails, including customer welcome emails, invoice emails, and confirmation
emails. They can be changed from Administer | E-Commerce configuration | Mail.