Tips to keep your email account secure
Spammers and hackers are using new methods and tools to breach server networks worldwide. The practice of using simple or common passwords to protect your email accounts is no longer sufficient to keep your data safe (was it ever?).
Tips for end users to keep your email account secure
- Length is key! The character-complex password "1Ky&_jt$" is far less secure than the simple but long "4YouShallNotAccessMyAccount!". The latter is far easier to remember and, because every added character multiplies the number of guesses an attacker has to try, exponentially harder to crack.
- A password might meet all the criteria below and still be a weak password (see administrator tips below). For example, "Hello2U!" meets all the criteria for a strong password listed below, but is still weak because it contains a complete word. "H3ll02U!" is a stronger alternative because it replaces some of the letters in the complete word with numbers.
- Create an acronym from an easy-to-remember piece of information. For example, pick a phrase that is meaningful to you, such as "My son's birthday is 12 December, 2004". Using that phrase as your guide, you might use "Msbi12/Dec,4" for your password.
- Substitute numbers, symbols, and misspellings for letters or words in an easy-to-remember phrase. For example, "My son's birthday is 12 December, 2004" could become "Mi$un'sBrthd8iz12124".
- Relate your password to a favorite hobby or sport. For example, "I love to play badminton" could become "ILuv2PlayB@dm1nt()n".
- If you feel you must write down your password in order to remember it, make sure you don't label it as your password, and keep it in a safe place.
- If you have multiple email accounts, don't use the same password for all of them. If a single account is breached, all your accounts may suffer the same fate.
- Don't create a password that in any way spells out the word "password" such as "Pa$$w0rd".
- The worst passwords of 2014: https://www.teamsid.com/worst-passwords-of-2014/
Tips for server administrators to enforce safe passwords
It's not always certain that your end users will follow best practices for email passwords. If your email software allows for custom password requirements, the following is a good starting point.
- Must be at least 10 characters in length
- Must include at least 1 capital letter
- Must include at least 1 lower case letter
- Must include at least 1 numeric value (0-9)
- Must include at least 1 special character (Shift+0-9)
- Does not include the username
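As an added example (not code from the original post), here is a policy check that implements the six administrator rules above and also rejects "Pa$$w0rd"-style spellings of the word "password" from the end-user tips. The `username` argument and the leetspeak table used to normalise digits and symbols back to letters are assumptions of this example.

```python
# Shift+0-9 on a US keyboard, the special characters the policy asks for.
SPECIALS = set("!@#$%^&*()")

# Assumed leetspeak table: map common substitutions back to letters so that
# "Pa$$w0rd" normalises to "password" and is caught by the last rule.
LEET = str.maketrans({
    "0": "o", "1": "i", "3": "e", "4": "a", "5": "s",
    "7": "t", "$": "s", "@": "a", "!": "i",
})


def password_policy_violations(password: str, username: str) -> list[str]:
    """Return the list of rules the password breaks; an empty list means accepted."""
    problems = []
    if len(password) < 10:
        problems.append("shorter than 10 characters")
    if not any(c.isupper() for c in password):
        problems.append("no capital letter")
    if not any(c.islower() for c in password):
        problems.append("no lower case letter")
    if not any(c.isdigit() for c in password):
        problems.append("no numeric value")
    if not any(c in SPECIALS for c in password):
        problems.append("no special character (Shift+0-9)")
    # Compare case-insensitively and also against the local part of a
    # full address, so "alice@example.com" still rejects "Alice2024!!".
    local_part = username.split("@")[0].lower()
    if local_part and local_part in password.lower():
        problems.append("contains the username")
    # Undo leetspeak before looking for the word "password".
    if "password" in password.lower().translate(LEET):
        problems.append("spells out 'password'")
    return problems


if __name__ == "__main__":
    # Constructed sample inputs: the two passwords from the end-user tips
    # plus a leetspeak "password" and a username-based one.
    for pw, user in [("4YouShallNotAccessMyAccount!", "alice"),
                     ("1Ky&_jt$", "alice"),
                     ("Pa$$w0rd2024!", "bob"),
                     ("alice2024!!", "alice@example.com")]:
        print(pw, "->", password_policy_violations(pw, user) or "OK")
```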
Why is this important? Believe me when I say that as a server administrator, you don't want to have to deal with the consequences of allowing your customers to use simple passwords. If an email account is breached, spammers may get full access to it and use it for sending spam. Should this happen to a severe enough degree, you are likely going to have your mail server IPs blacklisted or suffer poor reputation.
In my next post, I will outline the steps necessary to deal with poor IP reputation and blacklists.