Law 4. If an attacker was able to download the application your Web site, it's no longer your web site In fact, I would have such a law is removed. Web site – this is also a computer and the Act repeats the law number 1. But apparently this is quite an important point, since Microsoft has made a separate item. And as recommendations – all web sites is better to keep at home, rather than from 'unknown', even 'very reliable' ISP. Only in this case, we can guarantee at least some security. Law number 5. Weak passwords make useless any security system is really so.
For each password should apply rule 3 of 4 (where 4 – is 4 types of characters: lowercase letters, uppercase letters, numbers and special characters) and have a minimum length of 8 characters. In this case, the password can to know only one person! owner login. (In some companies, even the administrator, there are separate lists of users with all the passwords, and these lists of 'lying' to 'very safe' place, including, for example, on the FMS … which is easy to lose. And on the other hand if you have a password on a web server, 'Doe' coincides with the password to Exchange – OWA … then your password is already aware that most 'Doe' as mimnimum. Since these passwords are very hard to remember, and over time their accumulates a lot, you can use special programs such as RoboForm, to store passwords in an encrypted form.