Weak Passwords are BAD Security and they are YOUR responsibility!
Seriously – weak passwords are bad security – and bad security is bad news – for EVERYONE!
Everyone knows that they need to have a strong password – right? So why do you still have a weak password???
Some of you have easy to guess passwords … we know you do… and how do we know? Because every single day of the week, every single hour of the day, we see scumbag criminals trying password from the dictionary against our servers. We see these all day long, and when we see failed login attempts on the email + FTP + SSH services – we block the IP addresses to stop them trying more passwords.
However – this isn’t as effective as it once was – these cyber-criminals have got smarter … they have botnets of hundreds or thousands of PCs, and can run a few tests from one IP address, stop – run tests from a different IP address – and repeat – by only trying a few email passwords per IP address, they can avoid being banned from our servers – and if one of IP addresses gets banned from our servers, they often have thousands more they can keep trying from… and this happens all day long.
So – get it clear… there are criminals trying to break into YOUR EMAIL ACCOUNTS … and they do it for TWO main reasons…..
- they want your identity – they can get info about you and your bank, your children, family and other stuff – and they can steal your identity from your email account – even though you might be as poor as a church mouse, they can get thousands of dollars in goods + services from even a simple Identity compromise!
- they want to abuse the email servers – many times once these criminals get a password, they will send out thousands, or hundreds of thousands of emails through the server in the next few hours – again, they can use multiple IPs to avoid our monitoring – and that happens almost every time a password is compromised or guessed
So what? Dare you say “so what?”
Here’s what…. every time a criminal abuses an email account – our mailserver gets blacklisted – and that means the LEGITIMATE email that you try to send can be either “deferred” – meaning delayed… or “bounced” – meaning REJECTED. So when we have a weak password that is guessed, it can cause all sorts of problems for your business – you might not get that quote to a customer, or support email to an upset client – it can and will cost you – time and potentially money!
So now we’ve put the fear into you – how do you prevent this?
Well the advice is not new… you need STRONG passwords – fluffy123 is not a strong password – they try that one every day, along with password and 123, 1234, 12345, etc, etc. Those passwords are BEYOND weak – they are negligent. If we find a password of 123 – we’ll just disable that email – it is a VERY bad thing.
So how do you get a strong password?
We recommend a 10-16 character password – and if possible – use the STRONG generator – the one with punctuation in it.
Strong: VI%TJCQ7;[email protected]
Now – don’t use the same password in every site – if you lose your email password or it is compromised, they can get into other sites, like your facebook, or gmail – or your bank maybe… not GOOD!!!
So you need a way to store your passwords – and for that we recommend a password manager.. there are some good free options:
Just pick one – embrace it – and use it every day!!