
Add a password to your website or web directory

In many cases, you may want to add a password to one of your websites or web folders.

For example, in my case, I have a website where I can simply download some files I’ve downloaded with my Deluge web-ui. This is done with Apache, where I simply have a virtualhost linked to a folder with Options +Indexes to display all the files.

But obviously I don’t want anyone else to access this folder. Hence I’ve set up a simple username/password with the Apache htpasswd option. It can work with pretty much anything that does not include a login system by default, like Yify-pop for the moment.

Here is how to do it.

1) Create a dedicated directory to store the password file

In Root, run

2) Create a password file with users

Still in root:

And you will need to enter a password

If you have multiple users, simply redo the command with user2, then user3, etc…

3) Modify your virtualhost

Now, you will need to edit (Or create) your virtualhost to add the authentication.

Inside the Directory path values


Save and reload apache

Now, every time you navigate to the website linked to the modified virtualhost, Apache will ask you for your username and password.
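The three steps above, written out as an added example (not the original post's commands or configuration, which did not survive on this page). The password-file location, group name, realm, document root, host name and certificate paths are assumptions; the site is served over TLS because Basic authentication sends the username and password merely base64-encoded with every request.

```apache
# Added example. Paths, names and certificate locations below are assumptions.
#
# Steps 1 and 2, run as root before editing the virtualhost:
#   mkdir -p /etc/apache2/passwd
#   htpasswd -c -B /etc/apache2/passwd/passwords user1   (-c creates the file, -B stores a bcrypt hash)
#   htpasswd -B /etc/apache2/passwd/passwords user2      (no -c here: -c would overwrite the existing file)
#   chown root:www-data /etc/apache2/passwd/passwords
#   chmod 640 /etc/apache2/passwd/passwords
#
# Step 3: the password file lives outside DocumentRoot, so the +Indexes
# listing can never offer it as a download.
<VirtualHost *:443>
    ServerName files.domain.tld
    DocumentRoot /var/www/downloads

    SSLEngine on
    SSLCertificateFile    /etc/ssl/certs/files.domain.tld.crt
    SSLCertificateKeyFile /etc/ssl/private/files.domain.tld.key

    <Directory /var/www/downloads>
        Options +Indexes
        AllowOverride None

        AuthType Basic
        AuthName "Restricted files"
        AuthBasicProvider file
        AuthUserFile /etc/apache2/passwd/passwords
        Require valid-user
    </Directory>
</VirtualHost>

# Plain-HTTP requests are redirected before any credentials are requested.
<VirtualHost *:80>
    ServerName files.domain.tld
    Redirect permanent / https://files.domain.tld/
</VirtualHost>
```

Running `apachectl configtest` before the reload catches syntax errors without taking the site down.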

Simple and consistent Password Generator

We all have dozens of accounts on different websites and we are sometimes tempted to use the same password for many if not all these websites.

One of my first articles on this blog was on how to choose a strong password that is still easy to remember. I have to say, since I wrote this article, I’m always using this simple yet powerful way to generate passwords:


I got a consistent and easy-to-remember password.

KPw is for Killer Password

wordpress is the name of the service I’m registering (Can be WP or wordP, etc…)

4mi2 (for me too, anything you want in fact…)

I’m using this way to “generate” my password (In fact instead of dash, I could use space, etc…) just make your own way.

Unfortunately this way is not perfect, but much better than what I used to do in the past…true…


If you are looking for an even better way, plenty of password generators exist that will do a good job of providing a complex and difficult-to-hack password… actually, tough to remember even for you, haha.

There are few services that can be installed on your own server, and even fewer that will generate a strong password while still giving you a simple way to get it back if you forget it.

And it’s the case of “password-generator” from xvello.

Password-generator is a simple web page that allows you to generate a site-specific password based on a single master password using SHA-1. If you forget your site-specific password, the system will regenerate the same one based on your master password + website URL combo.

The calculations to generate the password are done in your browser; neither your master password nor the generated site-specific password is exchanged on the network.

Oh and well, it’s damn easy to install it.
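A sketch of the derivation idea described above, as an added example in Python rather than xvello's own browser code; the input format, URL normalisation, 16-character output and function names are assumptions. It puts a single SHA-1 beside a PBKDF2 variant, because with one fast hash anyone who obtains a single site password can test master-password guesses offline at very high speed.

```python
import base64
import hashlib
import time

def normalise_site(url: str) -> str:
    """Reduce a URL to its host so 'https://Example.com/login' and
    'example.com' regenerate the same password (assumed normalisation)."""
    host = url.strip().lower()
    if "://" in host:
        host = host.split("://", 1)[1]
    return host.split("/", 1)[0]

def site_password_sha1(master: str, site: str, length: int = 16) -> str:
    """One SHA-1 over master + site (assumed input format), base64-encoded."""
    digest = hashlib.sha1((master + site).encode("utf-8")).digest()
    return base64.b64encode(digest).decode("ascii")[:length]

def site_password_pbkdf2(master: str, site: str, length: int = 16,
                         iterations: int = 200_000) -> str:
    """Same idea, but every guess costs `iterations` HMAC-SHA256 rounds.
    The site name is the salt, so each site gets an unrelated output."""
    key = hashlib.pbkdf2_hmac("sha256", master.encode("utf-8"),
                              site.encode("utf-8"), iterations, dklen=32)
    return base64.b64encode(key).decode("ascii")[:length]

def seconds_per_guess(derive, guesses: int = 5) -> float:
    """Average time needed to test one master-password guess with `derive`."""
    start = time.perf_counter()
    for i in range(guesses):
        derive(f"guess-{i}", "example.com")
    return (time.perf_counter() - start) / guesses

if __name__ == "__main__":
    master = "constructed-master-passphrase"  # constructed sample value
    for url in ("https://Example.com/login", "example.org"):
        site = normalise_site(url)
        print(site, site_password_sha1(master, site),
              site_password_pbkdf2(master, site))
    print("seconds per guess, SHA-1 :", seconds_per_guess(site_password_sha1))
    print("seconds per guess, PBKDF2:", seconds_per_guess(site_password_pbkdf2))
```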


Obviously, you will need a working web server; you can read this tutorial if you don’t have one yet.

1) Clone their git repository into your /var/www

If you don’t have git, simply run as root (or with sudo)

then clone it.

2) Go to http://YourIP/password-generator

Yes…that’s it!

CacoCloud, Mail reader, RSS, password and bookmark manager

I’ve presented earlier some interesting projects that aim to give you back control of your data while being very focused on privacy. It’s the case of Yunohost and Cozycloud, which work like your own cloud, as a standalone distribution or installed on your current server, with 1-click installation of several applications such as mail, calendar, torrent client, RSS reader, etc. (and growing) to let you install only what you need, and of projects like Owncloud, which is more of an all-in-one application with contacts, files, music, calendar, …

All these great pieces of work allow you to manage a large set of your needs by centralizing them on your own server.

And I’ve actually discovered recently a similar project, called CacoCloud.

CacoCloud Mail Reader

CacoCloud is a simple, fast and secure RSS and mail reader + password and bookmark manager. Based on PHP and AngularJS, CacoCloud uses SQLite to store the information in an encrypted way. Thanks to its small footprint, CacoCloud will even run smoothly on your Raspberry Pi.

CacoCloud RSS feed reader

If you are interested in playing with it, here is how to install CacoCloud.



I assume you have a running Web server with Apache and PHP. If it is not the case, please check this tutorial.

1) Install sqlite and php dependencies

In root (Or with sudo), run:

2) Download and extract their latest archive into a dedicated folder in /var/www

3) Change the owner of the cacocloud folder to your web server user to make sure no permission error will occur (like a blank page, etc…)

4) Make sure the proper apache modules are enabled

Still in root:

5) Create a dedicated virtualhost to point your subdomain directly to the cacocloud public folder, with an SSL certificate.

What you will need:

– Create an A record in your DNS server/registrar pointing something like cc.domain.tld to your IP

– Have an SSL certificate ready. If not, you can read this tutorial. (Optional but strongly recommended)

– Create your virtualhost as follows:

In /etc/apache2/sites-enabled/, create a file called cacocloud (In root):

and paste the following content:

Adapt the content (Servername, webmaster email, SSL certificate and directory if different).

When done, save the file (CTRL+X then Yes) and reload apache: (In root)

6) Launch the web installer and make sure you have all the dependencies required.

Simply go to http://yourIP/cacocloud/public/install and check if everything is in green.

Then proceed to the database and user creation.

And you should be good to go!!

A very simple video has been done to explain how to install CacoCloud on a DigitalOcean VM in less than 2 minutes.

How to choose a good password

And the top 10 passwords are ……:

[Image: top 10 worst passwords of 2013]

If you are using any of these passwords, you MUST replace it with a robust one as soon as possible.

By robust, I mean:

Difficult to brute-force (trying all the possible combinations with significant processing power, like aaa, aab, aac, aad. Easy to do with current technology…)

Difficult to guess (if your first 3 letters are oba, the next 2 will most probably be ma… obama. This can be done based on statistics and using words from dictionaries, … a.k.a. entropy)


Do not:

  • Write down your password on a piece of paper and post it on your computer (Too many people and enterprises are still doing it…).
  • Use the same password across multiple services. If one service is compromised, you could lose all the other accounts!
  • Share your password with anyone else. You may trust your friends, colleagues and family, but they may not have as good practices as (hopefully) you have to keep it secret.
  • If your email provider or any other service asks you to send them your password for double checking, to repair something, or for any other reason, do not share it! Most probably it is just spam or a scam. Professional providers will NEVER ask you for your password.


Avoid using:

  • Names:
    • of yourself, including nicknames or login name (Even in reverse order or whatever order);
    • of your relatives;
    • of fictional characters or popular movies (Lord of the Rings, Star Trek, …);
    • of any place or proper noun;
  • Numbers, including:
    • your phone number;
    • your social security number;
    • anyone’s birthday;
    • your driver’s licence number or licence plate;
    • your room number or address;
    • any common number like 3.1415926;
    • any mathematical series such as 1234 or 2468, etc…(Computer will be better than you at this game)
  • Any word in any dictionary in any language in any form including slang, obscenity, or even technical jargon.
  • Any common phrases such as “Thanks God, it’s Friday” or “So far so good”, etc.;
  • Simple patterns, including:
    • passwords of all the same letter;
    • simple keyboard patterns (qwerty, asdfjkl).
  • Any information about you that is easily obtainable:
    • favorite color;
    • favorite rock group.
  • Any object that is in your field of vision at your workstation.
  • Any password that you have used in the past.


Do:

  • Change your password frequently (Every 3 to 6 months);
  • Use both UPPER and lower case letters.
  • Use numbers, letters and special symbols (!@#$%^&*).
  • Create simple mnemonics (memory aids) to help you remember your password:
    • “Ial 4g miPA$$.” for “I always forget my password.” (14 characters with UPPER and lower case, both letters and numbers with special symbols, including spaces)
    • “HmPwaCciaCccP?” for “How many passwords would a cracker crack if a cracker could crack passwords?” (From MIT example)
  • Use misspelled words (Whut ru tolqing Abut?).
  • Use a minimum of eight characters. Some even recommend at least 15 characters. Anyway, in most cases, the longer the better.
  • You could use your own standard rule to slightly change your password for each different service:
    • “Ial 4g miPA$$.” could become “Ial 4g-GO miPA$$.” for Google account and “Ial 4g-AM miPA$$.” for Amazon account.
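The rules above turned into a small checker, as an added example that is not part of the original article. The common-password list is a constructed sample, the function names are made up for illustration, and the pattern checks are heuristics; the brute-force figure is only an upper bound from length and character classes.

```python
import math
import string

# Constructed sample list; a real check would load a full breached-password list.
COMMON = {"123456", "password", "qwerty", "abc123", "iloveyou"}
KEYBOARD_ROWS = ("qwertyuiop", "asdfghjkl", "zxcvbnm", "1234567890")

def is_series(pw: str) -> bool:
    """Constant-step runs such as 1234, 2468 or abcd."""
    steps = {ord(b) - ord(a) for a, b in zip(pw, pw[1:])}
    return len(pw) >= 3 and len(steps) == 1 and steps != {0}

def follows_row(pw: str, row: str) -> bool:
    """True if pw walks along one keyboard row in order (qwerty, asdfjkl)."""
    keys = iter(row)
    return len(pw) >= 5 and all(ch in keys for ch in pw)

def problems(pw: str, personal: tuple = ()) -> list:
    """Reasons a candidate breaks the rules listed above (heuristic checks)."""
    low, found = pw.lower(), []
    if len(pw) < 8:
        found.append("shorter than 8 characters")
    if low in COMMON:
        found.append("on the common-password list")
    if len(low) > 1 and len(set(low)) == 1:
        found.append("all the same character")
    if is_series(low):
        found.append("simple series")
    if any(follows_row(low, r) or follows_row(low, r[::-1]) for r in KEYBOARD_ROWS):
        found.append("keyboard pattern")
    if any(p.lower() in low or p.lower()[::-1] in low for p in personal if p):
        found.append("contains personal information")
    return found

def search_space_bits(pw: str) -> float:
    """Brute-force upper bound: length * log2(alphabet size). It ignores
    guessability, which is what the checks in problems() are for."""
    pools = (string.ascii_lowercase, string.ascii_uppercase, string.digits)
    size = sum(len(pool) for pool in pools if any(c in pool for c in pw))
    if any(c not in string.ascii_letters + string.digits for c in pw):
        size += 33  # printable ASCII punctuation plus space
    return len(pw) * math.log2(size) if size else 0.0

if __name__ == "__main__":
    for candidate in ("qwerty", "2468", "aaaaaaaa", "Ial 4g miPA$$."):
        print(repr(candidate), problems(candidate),
              round(search_space_bits(candidate), 1))
```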

Some people recommend using Password Wallets to avoid having to remember several passwords for different services. It’s basically a small piece of software installed on your computer or smartphone that will keep records of all your passwords and will be protected by a super strong password (The only one to remember).

I’m not a big fan of this kind of software, as protecting your own computer against any hack might not be an easy job, and you need to really trust this software to put all your eggs in the same basket…

Actually, for non-critical passwords, it might even be safer to write it down on a small piece of paper and keep it in your wallet, as most of the attacks will come from the internet or from someone having physical access to your computer.

The best will always be to keep it in your head. And if you forget it, just reset it.

If you want to see what a robust password could look like, I recommend this Strong Password Generator. However, it may be risky to use it, as you are not sure whether this website keeps a record of all the generated passwords in its database. (Probably not, but now, as an informed user, you should doubt everything)

And to see how secure your password would be, I recommend using this service. But here again, you are not sure whether the website keeps a record of what you enter.

Password Security

And you, what are your tips to choose a good password?