Last month I spent a good portion of the week cleaning up after one of the worst cases of blacklisting I can remember during my twelve years with Skyway West (read a post of mine from last year on how to prevent your Outgoing Mail being tagged as spam). An employee of one of our clients had a very simple, unsecure password protecting their email account. When that account was compromised all heck broke loose here in Support. It ended up taking over 24 hours to find the compromised email account and to get our mail server off the blacklist. So this month I wanted to talk to you about the importance of keeping your passwords secure and confidential.
Unfortunately, an “easy-to-remember” password like mary123 is not very secure at all. Why not? Most people usually have several passwords, pass phrases, PIN numbers and so on to remember so they pick codes that they can easily recall. Hackers know this. After accessing your email address (this part is easy — our email addresses are everywhere) they’ll run what is called dictionary attacks against your email account and, with any luck (good for them, bad for you), they’ve found your password and your account is compromised. Soon they’ll start sending email out from your account (or worse, start reading your confidential email).
So what are the best types of passwords? Here are a few sample passwords — see if you can choose the good ones from the bad:
If you chose 1, 4, 5 and 6 for bad passwords, you’re correct! Those are the four with the poorest security rating; 2, 3 and 7 are far more secure. There are plenty of articles on the Internet that can explain why these passwords are either secure or insecure but the short answer is that good passwords are at least 8 characters long, use a mix of upper and lower case letters, as well as numbers and/or other special characters (!,$,%, etc.). By doing so they circumvent the way the dictionary attacks are designed to get at your valuable password. Here are just a couple of article examples to further your reading:
In addition to making your password secure you also need to keep it confidential. Never, under any circumstances, divulge your password to anyone not authorized to know it. So who should know your password? Well, your systems administrator (if applicable), and if your email account is maintained by an Internet Service Provider such as Skyway West, the support staff of that ISP. Always verify the person you are about to divulge your password to and, if possible, have them give you a part of your password so you can verify they truly have the privilege of knowing it. If this isn’t possible then make sure you know who you are talking to and get some information about them which, hopefully, you can use to determine an appropriate level of trust.
Finally, don’t forget to perform regular checks for viruses and other malware on all the computers on your network. There are malware applications that, once on your network, actively look for your authentication information and transmit that information back to the creator of the software. By simply keeping your computers clean you can eliminate a good deal of worry.
Periodically changing your password doesn’t hurt either. The most common complaint I get when I mention this: how will I remember what my password is if I change it all the time? What I suggest is to get a password managing application: keep all your passwords withing the application and you’ll only have to remember the one you need to access the password manager. Here’s a link to a PC Mag article on the Best Password Managers.
Passwords are the single most important pieces of data you have that protect you from incoming (someone trying to read your email), and outgoing threats (someone using your account to send email). Like the PIN number on your bank account you should never divulge to any unauthorized person your password information. If you follow the suggestions above you should find yourself much less of a target to those that might do you or your reputation harm.
Got a question or an idea for a topic you would like to see covered in one of my upcoming blogs? Write to firstname.lastname@example.org and sound off. I’ll do what I can to address your questions or concerns either personally in a reply email or on the blog. Until next month, take care.