The AJT Blog

AJT Design & Marketing, Inc - Your Full Service Creative Internet Development and Marketing Firm. Founded in 1996 and based in Orlando Florida, AJT serves thousands of Clients nationwide. Call us today at 1-877-258-3746 or visit us online at www.ajtdesign.com.

Friday, March 30, 2007

Secure Password Techniques: Don't Fall Victim

These days, just about everything we do on the Internet requires a password in one form or another, and password hijacking/hacking is on the rise. The "bad guys" run automated querying scripts that can crack simple passwords in just minutes. Whether the hacker is trying to crack your personal banking password or is trying to gain access to your email account, it can create an absolute nightmare. With a few simple techniques, you can be almost 100% certain that your personal information is safe and secure.

Since we deal with website and email hosting - let's talk a little about e-mail passwords.

One thing that many of our Clients forget is just how sensitive e-mail passwords are. Case in point: let's say a hacker is able to get your email password but he/she is not able to crack your banking password (because you made that one more secure). What they do is simply put in a request for a "lost password" and within minutes, they are logging into your bank, credit cards and stock portfolios. People forget how important their email password is! Allowing your email password to get hijacked is like handing a hacker a free pass to your finances and affairs. That is why we are sending this very important announcement to all of our Clients. Many of you are using very simple passwords and are at risk of being hacked. Hopefully this will help prevent disasters before they happen.

Over the past 60 days, we have seen a dramatic increase in e-mail account hijacking. In the cases we dealt with, the email password wasn't cracked in an attempt to get into personal accounting information; quite simply, it was cracked so that the hacker could use the account to send spam to people all over the world. In two of the most recent instances, our clients' passwords were of the simplest form. One of the passwords was "password" and the other password was "legal". These are dictionary terms and are very simple to crack. The spammers were able to send about 8,000 spam emails in 10 minutes' time, at which point our technician saw something wrong and terminated the spamming session (and contacted the client with a new temporary password).

The problem here is that 8,000 messages were already sent. Instances like this put an entire web server and/or your domain name at risk of being blacklisted as a spamming server. Lucky for us, we have a standing agreement with all major providers (such as AOL, MSN and Yahoo) where they notify us of any spam generated from our network and give us the opportunity to rectify the issue before they take action by blacklisting a server or domain name.

We can't even count the number of times that a client has reset a perfectly good (random) password to something simple. So now is the time to think about security and change your password to something "safe and sound". So how can you make your password safe, you ask? Very simple!

Following any one (or preferably more) of the tips below will ensure you have a secure password:

1. Make it lengthy - Each character that you add to your password increases the protection that it provides many times over. Your passwords should be 8 or more characters in length; 14 characters or longer is ideal.

2. Combine letters, numbers, and symbols - The greater variety of characters that you have in your password, the harder it is to guess.  Keep in mind you can substitute a dollar sign for the letter "S" like this. Or try substituting the @ sign for the letter "A" or even a zero for the letter "O". Also mix in a capital letter - that one capital letter (randomly chosen) will make your password 3x more secure than a password without a capital letter.

3. Be creative! Try not to use a simple word, but something a little more complex. Then combine symbols as replacements for a few letters. You can make your password a "choice phrase" while making it a super-secure password. A good example: the word "waterfall" as a password can be used like this: w@t3rF@l1. Misspelling words is also a really good technique.

You should avoid any of the following:

1. Avoid sequences or repeated characters. "12345678," "222222," "abcdefg," or adjacent letters on your keyboard do not help make secure passwords.

2. Avoid your login name. Any part of your name, birthday, social security number, or similar information for your loved ones constitutes a bad password choice. This is one of the first things criminals will try.

3. Avoid dictionary words in any language. Criminals use sophisticated tools that can rapidly guess passwords that are based on words in multiple dictionaries, including words spelled backwards, common misspellings, and substitutions.

4. Avoid using one password everywhere. If any one of the computers or online systems using this password is compromised, all of your other information protected by that password should be considered compromised as well. It is critical to use different passwords for different systems.
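The two lists above can be turned into an automatic check at password-change time. The following is an added example, not code used by AJT: the function names are hypothetical, the word list is a small constructed sample standing in for a real dictionary, and requiring three of the four character types is an assumption.

```python
import re

# Constructed sample word list; a real check would load a full dictionary.
WORDS = {"password", "legal", "waterfall", "dragon"}
# Symbol-for-letter swaps such as the ones suggested above ($ for S, @ for A, 0 for O).
LEET = str.maketrans({"@": "a", "$": "s", "0": "o", "3": "e", "1": "l", "!": "i"})
# Keyboard rows and plain sequences that make up "adjacent letters" passwords.
ROWS = ["qwertyuiop", "asdfghjkl", "zxcvbnm", "1234567890",
        "abcdefghijklmnopqrstuvwxyz"]

def has_sequence(pw, run=4):
    """True if pw contains `run` repeated, sequential or keyboard-adjacent characters."""
    low = pw.lower()
    for i in range(len(low) - run + 1):
        chunk = low[i:i + run]
        if len(set(chunk)) == 1:
            return True
        if any(chunk in row or chunk in row[::-1] for row in ROWS):
            return True
    return False

def dictionary_hit(pw):
    """Undo common substitutions, then look for a dictionary word, forwards or backwards."""
    plain = re.sub(r"[^a-z]", "", pw.lower().translate(LEET))
    for word in sorted(WORDS):
        if word in plain or word[::-1] in plain:
            return word
    return None

def check_password(pw, login=""):
    """Return a list of problems found; an empty list means every rule passed."""
    problems = []
    if len(pw) < 8:
        problems.append("shorter than 8 characters")
    classes = [r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]"]
    if sum(bool(re.search(c, pw)) for c in classes) < 3:  # assumed threshold
        problems.append("fewer than 3 character types")
    if has_sequence(pw):
        problems.append("sequence or repeated characters")
    if len(login) >= 3 and login.lower() in pw.lower():
        problems.append("contains login name")
    word = dictionary_hit(pw)
    if word:
        problems.append(f"based on dictionary word '{word}'")
    return problems
```

Because substitutions are undone before the dictionary lookup, a password that is only a respelled dictionary word is still reported under item 3 of the "avoid" list.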

We hope that this information has been helpful to you. Feel free to share this with your family, friends and colleagues as this is good practice - not only for e-mail passwords, but for anything that has personal information involved. If you have any questions, or if your email is hosted with AJT and you would like to change your e-mail password to something more secure, but forgot how to change your password - simply open a support ticket on our customer support portal - http://www.ajtsupport.com/email-support.html and our technicians will be happy to assist you. Remember, we are available 24 hours per day, 7 days a week.

Thursday, March 08, 2007

Excellent Customer Support Takes Two!

There are plenty of suggestions out there for providing great customer support, but there’s not much that we’ve seen on how to get great customer support. Part of being a great customer is the inevitable interaction with a customer support person when something goes wrong or when you have a question.

Being on the receiving end for thousands of support and customer service requests we’ve learned a thing or two about how you should go about putting a customer support request together. How you communicate has a lot to do with how your request is handled. Here are some tips:

Remember there’s a human on the other end.
It doesn’t matter where your customer support rep is, even if you are leaving him or her a voicemail or writing an email, your words will be heard or read and they are still human. Treat them with dignity and respect. Their sole purpose is to help you so be kind and thank them in advance for their assistance. The nicer you are the nicer they’ll be in response — this is simple human nature. You also have to remember how stressful and sometimes just difficult the customer/technical support line of work is. What might end up being a quick reply to your request (one liner email response) might have taken the tech an hour or two of tedious work to resolve your issue.

Don't assume that your problem is really a problem.
Let's say you call our customer support team about an issue - let's pretend your email isn't working (and you are upset). You immediately think the server is down and before the tech answers the phone you are already fired up. But many issues (a safe estimate would be about 1/3 of our support tickets) are not even a server problem but a problem with your computer and/or internet connection. At this point, once we verify that "our side" of things is completely operational, we begin troubleshooting "your side" (i.e. your computer and modem). I would say, out of these instances, 90% of them can be resolved immediately. Note that we are not a computer support company; that is what Geek Squad does, they come to your home or office and fix your computer. However, in an attempt to provide exceptional customer support, our techs will try the steps to help you get functional once again. Be sure you realize that this tech just went way past his call of duty and saved you a $100 service call.

Don't get upset if the phone is not answered at the moment you call.
Leave a voicemail or simply visit http://www.ajtsupport.com/ and submit a ticket. Sometimes Clients get bent out of shape because they tried calling 3 times within 10 minutes and got the voicemail each time. Remember, the tech(s) on duty also have a responsibility of watching over the network and performing maintenance on all servers. They might also be working a really complicated issue. Regardless of the reason, realize that a voicemail electronically opens a ticket in our system and you will get a speedy reply. We did some "secret shopper" testing and compared our response time to that of some of our competitors on several occasions. In the few times we did reach the voicemail, the AJT tech had already replied while we were still sitting patiently on hold (in a seemingly endless queue) waiting to speak with a tech from the competition. Our PBX phone system has these queue capabilities, however it is so much nicer to not have to hold a burning phone to your ear for an hour.

Pick and choose your emergencies
If you have a legitimate emergency, the absolute fastest way to reach our team is to fill out a quick ticket here: http://ajtsupport.com/email-support.html and be sure to mark "High" or "Emergency" as doing so will set off audible alarms in our operations center as well as send SMS text messages to all managers and customer support representatives. You will get a reply within minutes. Legitimate emergencies include (but are not limited to): email down, website down, urgent change required - basically use your judgement, it's not OUR place to tell you what an emergency is.

Don’t assume your request will be ignored.
I’m always surprised by the number of people who start or end their email with “No one will probably see this, but…” Don’t assume that. It devalues the request, starts the exchange off on a negative, and puts the support agent on the defensive.

Don’t start with a threat.
“Do this immediately or else…” or “If you don’t do this I’ll report you to the Better Business Bureau” or “If you don’t do that I’m going to report this to my bank and other authorities” or “If you don’t respond within 4 hours you’ll be hearing from my lawyer…” It’s not uncommon to hear this on the first email from people. I don’t know if folks assume you are out to get them or they’ve been burned before, but starting with a threat never helps your cause. Given the choice to help two people, the customer service person is naturally going to help who appears easiest to help first. Plus, people will do more for others who are kind to them than they will for someone sounding bitter and dismissive right from the start.

Provide useful, descriptive, relevant information.
This can be a tough one since people don’t always know what’s relevant, but think it through before you send your support request. If you are having trouble logging in, don’t just say “I can’t login. Any ideas?” Instead say “Whenever I try to login, the login screen just reloads without an error message. I know my username and password is correct. Any ideas? Thanks.” That extra bit of information will help considerably and will reduce the number of back-and-forth emails between you and the support person.

Don’t write overly detailed, wordy support requests.
The longer your email the more of a burden it puts on the customer support person. They have to read the entire thing (I’ve seen simple support requests balloon into two printed pages), sift through to find what’s meaningful, and spend more time figuring out exactly what’s wrong. Since they’re trying to help you, you want to reduce their burden. You want to make it as easy as possible for them to help you. So, be clear, concise, and brief. More words often confuse rather than clarify the issue. Save the wordiness for the thank you email once the problem has been solved.

We hope this is helpful. Just as customer support folks need to learn to provide great customer support, customers need to learn how to be great customers.

Creating and Using Safe and Secure Passwords

Most of us like to create our own passwords. Here are a few guidelines for this task when creating passwords for just about anything, most importantly, for your email account and other confidential logins.

The best password is one that's unassociated with you, the user, because a clever intruder who knows about you could possibly crack such a password. On the other hand, a password that has no association with the user may be eminently forgettable. Users solve this problem in a number of insecure ways, ranging from writing their passwords on post-its that they affix to their monitors to leaving notes in an unlocked desk drawer!

A good password contains upper and lower case alphabet characters and numbers, but no special characters (, . ; : * % & !). If you have difficulty remembering such an involved password, another suggestion is to merge unrelated adjectives and nouns, such as funnyclock or smartbottle. It's even more effective to use that scheme if you place a number between the words. A good strategy is to create the password out of the first letters of a phrase familiar to you and to intersperse numbers. A good example would be using a word such as firebomb as your password, only spelled this way: f1rE80mB

Passwords are case-sensitive. The longer the password, the harder it is to guess or crack, so six to eight characters should be your minimum length.

Following these simple guidelines will save you a lot of stress. We recently had a client's email account hijacked because their password was a simple 6 letter word with no uppercase, symbols or numbers. A spammer was able to blast off about 8,000 spam emails using this client's email address before our System Administrator found the issue, which was picked up when the server loads (processes running) were extremely high.

Feel free to follow these guidelines for your other personal items as well - it is a good habit to get into.