The AJT Blog

AJT Design & Marketing, Inc - Your Full Service Creative Internet Development and Marketing Firm. Founded in 1996 and based in Orlando Florida, AJT serves thousands of Clients nationwide. Call us today at 1-877-258-3746 or visit us online at www.ajtdesign.com.

Friday, March 30, 2007

Secure Password Techniques: Don't Fall Victim

These days, just about everything we do on the Internet requires a password in one form or another, and password hijacking/hacking is on the rise. The "bad guys" run automated querying scripts that can crack simple passwords in just minutes. Whether the hacker is trying to crack your personal banking password or is trying to gain access to your email account, it can create an absolute nightmare. With a few simple techniques, you can be almost 100% certain that your personal information is safe and secure.

Since we deal with website and email hosting - let's talk a little about e-mail passwords.

One thing that many of our Clients forget is just how sensitive e-mail passwords are. Case in point: let's say a hacker is able to get your email password but he/she is not able to crack your banking password (because you made that one more secure). What they do is simply put in a request for a "lost password" and within minutes, they are logging into your bank, credit cards and stock portfolios. People forget how important an email password is! Allowing your email password to get hijacked is like handing a hacker a free pass to your finances and affairs. That is why we are sending this very important announcement to all of our Clients. Many of you are using very simple passwords and are at risk of being hacked. Hopefully this will help prevent disasters before they happen.

Over the past 60 days, we have seen a dramatic increase in e-mail account hijacking. In the cases we dealt with, the email password wasn't cracked in an attempt to get into personal accounting information; quite simply, it was cracked so that the hacker could use the account to send spam to people all over the world. In two of the most recent instances, our clients' passwords were of the simplest form. One of the passwords was "password" and the other password was "legal". These are dictionary terms and are very simple to crack. The spammers were able to send about 8,000 spam emails in 10 minutes' time, at which point our technician saw something wrong and terminated the spamming session (and contacted the client with a new temporary password).

The problem here is that 8,000 messages were already sent. Instances like this put an entire web server and/or your domain name at risk of being blacklisted as a spamming server. Lucky for us, we have a standing agreement with all major providers (such as AOL, MSN and Yahoo) where they notify us of any spam generated from our network and give us the opportunity to rectify the issue without having to take action by means of blacklisting a server or domain name.

We can't even count the number of times that a client will reset a perfectly good (random) password to something simple. So now is the time to think about security and change your password to something "safe and sound". So how can you make your password safe, you ask? Very simple!

Following any one (or preferably more) of the tips below will ensure you have a secure password:

1. Make it lengthy - Each character that you add to your password increases the protection that it provides many times over. Your passwords should be 8 or more characters in length; 14 characters or longer is ideal.

2. Combine letters, numbers, and symbols - The greater variety of characters that you have in your password, the harder it is to guess.  Keep in mind you can substitute a dollar sign for the letter "S" like this. Or try substituting the @ sign for the letter "A" or even a zero for the letter "O". Also mix in a capital letter - that one capital letter (randomly chosen) will make your password 3x more secure than a password without a capital letter.

3. Be creative! Try not to use a simple word, but something a little more complex. Then combine symbols as replacements for a few letters. You can make your password a "choice phrase" while making it a super-secure password. A good example: the word "waterfall" can be used as a password like this: w@t3rF@l1. Misspelling words is also a really good technique.

You should avoid any of the following:

1. Avoid sequences or repeated characters. "12345678," "222222," "abcdefg," or adjacent letters on your keyboard do not help make secure passwords.

2. Avoid your login name. Any part of your name, birthday, social security number, or similar information for your loved ones constitutes a bad password choice. This is one of the first things criminals will try.

3. Avoid dictionary words in any language. Criminals use sophisticated tools that can rapidly guess passwords that are based on words in multiple dictionaries, including words spelled backwards, common misspellings, and substitutions.

4. Avoid using one password everywhere. If any one of the computers or online systems using this password is compromised, all of your other information protected by that password should be considered compromised as well. It is critical to use different passwords for different systems.
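
The tips and the "avoid" rules above can be checked automatically when a password is set. The following Python sketch is an added example, not AJT's own code: the word list is a small constructed sample, and the "at least 3 of 4 character classes" threshold and the run length of 4 are assumptions chosen for illustration. Because rule 3 says guessing tools try substitutions and backwards spellings, the checker undoes those before the dictionary lookup.

```python
import re

# Constructed sample word list; a real check would load a full dictionary.
WORDS = {"password", "legal", "waterfall", "dragon", "monkey"}
# Substitutions named in the post ($ for S, @ for A, 0 for O) plus two common ones.
LEET = str.maketrans({"$": "s", "@": "a", "0": "o", "3": "e", "1": "l"})
ROWS = ["qwertyuiop", "asdfghjkl", "zxcvbnm", "1234567890",
        "abcdefghijklmnopqrstuvwxyz"]


def has_run(pw, n=4):
    """True if pw has n repeated characters, or n characters in a row from
    a keyboard row or the alphabet (forwards or backwards). n is an assumption."""
    low = pw.lower()
    if re.search(r"(.)\1{%d}" % (n - 1), low):
        return True
    for i in range(len(low) - n + 1):
        chunk = low[i:i + n]
        if any(chunk in row or chunk in row[::-1] for row in ROWS):
            return True
    return False


def contains_word(pw, words=WORDS):
    """True if pw, with substitutions undone, contains a dictionary word
    spelled forwards or backwards."""
    plain = re.sub(r"[^a-z]", "", pw.lower().translate(LEET))
    return any(w in plain or w[::-1] in plain for w in words)


def check_password(pw, login="", words=WORDS):
    """Return the rules from the post that pw breaks (empty list = passes)."""
    problems = []
    if len(pw) < 8:
        problems.append("shorter than 8 characters")
    classes = [r"[a-z]", r"[A-Z]", r"[0-9]", r"[^a-zA-Z0-9]"]
    if sum(bool(re.search(c, pw)) for c in classes) < 3:  # assumed threshold
        problems.append("fewer than 3 character classes")
    if has_run(pw):
        problems.append("sequence or repeated characters")
    if login and login.lower() in pw.lower():
        problems.append("contains login name")
    if contains_word(pw, words):
        problems.append("based on a dictionary word")
    return problems
```
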

We hope that this information has been helpful to you. Feel free to share it with your family, friends and colleagues as this is good practice - not only for e-mail passwords, but for anything that has personal information involved. If you have any questions, or if your email is hosted with AJT and you would like to change your e-mail password to something more secure but forgot how to change your password, simply open a support ticket on our customer support portal - http://www.ajtsupport.com/email-support.html - and our technicians will be happy to assist you. Remember, we are available 24 hours per day, 7 days a week.
