Across the web there have been increasing reports of hacked and compromised email accounts. Regardless of security measures taken by your host, there is always a level of responsibility on your end to ensure that malicious users cannot access your personal information by guessing one or more of your passwords. By gaining access to your email account, a malicious user can send SPAM, lock you out, remove your messages, and possibly gain access to even more sensitive information.
Password security is essential for ensuring the integrity of your email accounts and the protection of any information stored there. We’ve compiled some recommendations from our Abuse & Security team to share with our clients and followers with the hope of increasing public awareness and improving email security across the board.
The very first rule of thumb is to refrain from using dictionary words, common keystroke combinations, or names for your passwords as these can easily be guessed programmatically. Examples of such insecure passwords would be ‘cat’, ‘password’, ‘123qwerty’, ‘asdfasdf’, ‘Mike’, or ‘Lassie’. Instead, try to use various upper and lower case letters along with some numbers and symbols. You can even use numbers and symbols in place of letters and create a password that is easy to remember.
To create a secure password, first think of a word or phrase that you can remember. In this example I’ll use the phrase ‘No Trespassing’. First I’ll combine this phrase into one word, ‘NoTrespassing’. Next I’ll replace some of the letters with numbers and mix up the cases, ‘n07R3sPas51Ng’. Lastly we can add in some symbol characters just to add complexity, ‘n07R3sP@$51Ng’. Passwords such as this using 10 characters or more are considered strong passwords, and will greatly reduce your chances of surrendering email access to any malicious user.
If you are unable to remember such a password easily, then we would recommend storing it in a secure encrypted location, and copying it from there when you need to use it. Never store any passwords in a plain text file as any malicious user able to read that file will have easy access to your accounts. By using an SSL (https://) to connect to your webmail, you will prevent passwords from being sent across the internet in plain text format, which will disable any malicious users from discovering your password by sniffing data packets on the way to their destination during the authentication process.
For an even higher level of security, you should change your passwords periodically, making your credentials a moving target for anyone attempting to access your information. Additionally, it would be wise to use separate passwords for different accounts, as this will prevent one compromised account from revealing the key to any others. There are numerous applications available just for this purpose, which allow multiple passwords to be encrypted and stored, only accessible via one master secure password that you’ve memorized.
Making the personal adjustment to use secure passwords can be difficult for those who are used to one simple key that grants them access to all of their information. Although the methods we’ve suggested above are undoubtedly more tedious and may require a higher level of planning on your end, it’s a small price to pay for the confidence that your information is kept private and protected. The effort to secure your accounts pales in comparison to the work required to recover from having your personal information stolen.
One other vulnerability worth mentioning is the possibility of your personal computer being infected with malware. Some of this malicious software can steal your passwords while you type them in. To protect yourself from this sort of intrusion it is important to regularly scan your computer for malware. No one single anti-malware application will catch 100% of all malware, so scans with two or more reputable malware scanners is recommended. If you’re unsure of which program to use to scan for malware, we have found the following programs to be effective for Windows computers:
HouseCall: http://housecall.trendmicro.com/
MBAM: http://www.malwarebytes.org/mbam.php
Microsoft Security Essentials: http://www.microsoft.com/Security_Essentials/
Spybot S&D: http://www.safer-networking.org/index2.html
SUPERAntiSpyware: http://www.superantispyware.com/superantispyware.html
Although Mac OS products have a reputation for being less susceptible to malware attacks, they are not invulnerable. Be sure to keep your software up to date for the best level of security. There are some things to look out for on any platform that should raise a red flag in the event of your email account being compromised. If you are getting bouncebacks for undeliverable messages or seeing messages in your sent folder that you didn’t send, you should contact your host immediately for assistance.
We hope that this information proves useful to anyone concerned with the security of their information, and HostDime’s support staff will always be available to assist should you have any questions that we did not answer in this post. We wish you a wonderful day and safe surfing!
[divider]
This article was written by Mike W., HostDime’s Client Relations Supervisor.
HostDime is one of the top 50 web hosts in the world. Follow us on Twitter and Facebook.
As always a selection of informative and interesting material. Thanks.
when i was younger, i always love the tune of alternative music compared to pop music;