Here at Empowering Media we are always concerned about security. Unfortunately, there are a lot of bad people on the Internet.
Hackers and spammers want your Email account, not only to send out spam but also to grab anything important stored in it. You typically store passwords, credit cards, and private information in your Email, and hackers know this.
As mentioned previously, we put additional protections in place, but it appears they weren’t enough.
How Hackers Gain Access To Your Email
Today, hackers take control of other computers (otherwise known as bots) at an alarming rate. These botnets aren’t just a few hundred computers; in many cases they are over 100,000 computers and larger! Yes, that’s correct. Hackers have control of thousands of computers to use for attempting access to your Email account.
In the security industry, these attacks are known as “brute-force” or dictionary attacks, in which hackers literally try every commonly used password, such as the Spaceballs password, and words found in a dictionary. Some dictionary attacks are so advanced they try common password techniques like substituting zeros for O’s. So today simple passwords are not safe.
To give an idea of how bad these attacks are, let me give you some statistics just from our network.
Since Sunday (April 24th, 2014), we’ve seen over 168,092 failed Email logins to our customer accounts. These attacks came from 4,678 unique IP addresses (basically individual computers).
So traditional blocking techniques won’t work on these types of attacks. The attackers can literally try from a different IP address every minute of the day, which evades single-server scanning techniques. In addition, these attacks are happening constantly, 24 hours a day, 7 days a week.
Fortunately there’s a better way, and there’s something we can do about it
We manage many servers, and can pool the logs to see the “big picture”. We can spot patterns that are not detectable on just one server. We can also make sure legitimate users with bad logins aren’t blocked. Most other hosting providers don’t do any of this to protect you, so this is a somewhat unique feature that’s available to all Empowering Media customers.
While I won’t give the specifics on how we block, I can say since we started yesterday we’ve blocked over 8,355 attempted logins.
While that might not seem like a lot compared to 168k attacks, keep in mind they try from the same source multiple times within our network. This blockage stops them dead in their tracks.
Also, the more the hackers attack our network, the stronger our defense becomes. So for the long term, this security feature will help prevent hackers from gaining access to your account.
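To illustrate why pooled logs see what a single server cannot, here is an added example (not Empowering Media's actual blocking method, which this post does not disclose). The log format, sample lines, function names and thresholds are all assumptions made up for the illustration.

```python
import re
from collections import defaultdict

# Constructed log format and sample lines for this example only:
#   <server> <timestamp> LOGIN_FAILED user=<account> ip=<address>
LINE_RE = re.compile(r"^(\S+) \S+ LOGIN_FAILED user=(\S+) ip=(\S+)$")

SAMPLE_LOGS = """\
mail1 2014-04-27T10:00:01Z LOGIN_FAILED user=alice@example.com ip=203.0.113.7
mail2 2014-04-27T10:01:12Z LOGIN_FAILED user=bob@example.net ip=203.0.113.7
mail3 2014-04-27T10:02:30Z LOGIN_FAILED user=carol@example.org ip=203.0.113.7
mail1 2014-04-27T10:03:44Z LOGIN_FAILED user=dave@example.com ip=203.0.113.7
mail2 2014-04-27T10:04:02Z LOGIN_FAILED user=erin@example.net ip=198.51.100.20
mail2 2014-04-27T10:04:19Z LOGIN_FAILED user=erin@example.net ip=198.51.100.20
mail1 2014-04-27T10:05:00Z LOGIN_FAILED user=info@example.com ip=192.0.2.50
mail1 2014-04-27T10:05:01Z LOGIN_FAILED user=sales@example.com ip=192.0.2.50
mail1 2014-04-27T10:05:02Z LOGIN_FAILED user=admin@example.com ip=192.0.2.50
mail1 2014-04-27T10:05:03Z LOGIN_FAILED user=support@example.com ip=192.0.2.50
"""

def parse(text):
    """Return (server, account, ip) tuples for every failed-login line."""
    return [m.groups() for m in map(LINE_RE.match, text.splitlines()) if m]

def per_server_hits(events, threshold=4):
    """Single-server view: IPs with >= threshold failures on any one server."""
    counts = defaultdict(int)
    for server, _account, ip in events:
        counts[(server, ip)] += 1
    return {ip for (_server, ip), n in counts.items() if n >= threshold}

def pooled_hits(events, min_servers=2, min_accounts=3):
    """Pooled view: IPs failing against several accounts across several servers."""
    servers, accounts = defaultdict(set), defaultdict(set)
    for server, account, ip in events:
        servers[ip].add(server)
        accounts[ip].add(account)
    return {ip for ip in servers
            if len(servers[ip]) >= min_servers and len(accounts[ip]) >= min_accounts}

EVENTS = parse(SAMPLE_LOGS)

if __name__ == "__main__":
    print("single-server scan flags:", sorted(per_server_hits(EVENTS)))
    print("pooled scan flags:", sorted(pooled_hits(EVENTS)))
```

In the sample, 203.0.113.7 stays under the per-server threshold everywhere and only shows up in the pooled view, while the customer at 198.51.100.20 who mistyped a password twice is flagged by neither check.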
Create a Strong Password
Still, nothing beats a strong password as the first line of defense. Even with our protections in place, we are still seeing too many attempted logins getting through. We will tweak and constantly improve our blocking, but you should always pick strong passwords anyway.
What’s a strong password?
Every password you create on our service (though the same applies to anywhere) should be:
- Long – The longer the better but over 8 characters, 12 – 14 characters being ideal.
- Unique – Should not be used anywhere else
- Random – Should not be a dictionary-based word, but a randomized collection of characters. Mixed case, numbers and special characters (e.g. !^%&, etc.) being ideal.
If your password does not fit this description, then it’s a matter of WHEN, not IF your account will be compromised.
I cannot stress this enough for our customers. Weak passwords will eventually cost you time and money, so change your passwords now! In addition, weak passwords can cause grief for other customers who share a server with you. Typically, compromised accounts are used to send out spam, which causes the server to get blacklisted, blocking outgoing Email.
How To Manage Passwords
Managing these passwords via traditional methods, like the most common method of Post-It Notes®, won’t work. You need a password manager.
We recommend a password manager to manage and securely store all of your passwords in one location.
We’ve been using 1Password in-house for over 4 years, and highly recommend you do also! The application is truly cross-platform. It runs on Mac OS X, Windows, and is available for your mobile device: iPhone, iPad, and Android. Best of all the passwords can be kept in sync between all devices.