Menu

10/7/2024 8:45 PM

All services are online and functioning normally.


Weak Passwords

Email Outages can be caused  by email account "hijacking" which is accomplished by password "cracking." Basically the perpetrators have software that continually guess at the password on an email account until it guesses correctly. Then the email account is used to send SPAM to countless email addresses.

This practice has been used weekly against email servers on our service with relative success. The single biggest reason for their success (and repeated attacks) is the large number of email accounts that have simple passwords.  Simple passwords can be cracked quickly and that gives the crook more reason to keep trying. It is in all our best interests for all of us to have complicated email passwords. It only takes one employee who refuses to create a complex password to cause the entire block of email accounts in the same domain to experience an email outage. 

Here is an excerpt from Microsoft's guidance on creating strong passwords, the full text is found here:  

A strong password is an important protection to help you have safer online transactions. Here are steps you can take to create a strong password. Some or all might help protect your online transactions:

  • Length. Make your passwords long with eight or more characters.

  • Complexity. Include letters, punctuation, symbols, and numbers. Use the entire keyboard, not just the letters and characters you use or see most often. The greater the variety of characters in your password, the better. However, password hacking software automatically checks for common letter-to-symbol conversions, such as changing "and" to "&" or "to" to "2."

  • Variation. To keep strong passwords effective, change them often. Set an automatic reminder for yourself to change your passwords on your email, banking, and credit card websites about every three months.

  • Variety. Don't use the same password for everything. Cybercriminals steal passwords on websites that have very little security, and then they use that same password and user name in more secure environments, such as banking websites.