Transmission

XMission's Company Journal

Today is Change Your Password Day

One of the most common security problems XMission faces with our customers are insecure passwords. Today marks “Change Your Password Day”, pushed forward by a writer at Gizmodo. XMission supports this because it is not only important to have secure passwords for the services and websites you frequent on the Internet, it is equally important to change them with regularity. Especially the ones you frequently use. Here are some “pro tips” for keeping your passwords secure.

  • Use a “password manager” that enables you to use a different password for every website you visit, but store them securely. My favorite is LastPass. Although LastPass had a security issue last year, using a complex password for subsequent encryption of stored passwords overrides their data being compromised.
  • Passwords should be a minimum of eight characters. The more characters you use, the harder it is to “brute force” crack your password. With processing power increasing, it has been possible in some cases to crack eight character passwords in short order by trying every possibility. The more characters you use, it gets exponentially harder to crack. A simple tactic to expand your password length is come up with a personal pattern for mixing words together, simply mixing words is not enough. So a bad password would be “chesscheeseeagle”, but this could be made into an excellent password with patterning “^^^^chess444CHEESE801eagle###”.
  • Some say dictionary words should be avoided altogether, and a password manager can do a good job of coming up with completely random passwords. Using the mixed word strategy above should only be used for passwords you have to memorize. A random password like “NmX5WCpPQwjRpuyUIjm86R4T” is vastly more secure than one using words, but for those of us who lack superhuman memory, patterned words are easier.
  • Two step verification like what Paypal and Google offer adds an additional layer of security upon well crafted passwords. Both of these services have smartphone “apps” which you can use to operate them.
  • For system and website administrators, using an SSH Key is far more secure than a password. All SSH capable shell and file transfer programs can handle keys instead of passwords.  Use them!
  • Remember that XMission and most professional websites will not ask you for your password in email. Any request is most likely an attempt by someone to gain access to your account and information. Lack of awareness and “social engineering” is a very common security hole. People’s good faith and trust is often the weakest part of computer security. Be aware and verify before giving out any personal information or passwords.

 

I hope these tips are helpful to keep your personal data secure and safe. Happy Change Your Password Day!

Facebooktwitterredditpinterestlinkedinmail

, , ,

Comments are currently closed.

6 thoughts on “Today is Change Your Password Day

  • Chris Carey says:

    I like using KeePass password manager. There’s a KeePass (or KeePassX) version for almost every OS, and it’s free.

  • Philip says:

    Is there an easy way to change my xmission webmail password? It seems like contacting customer service was the only way, but I’d like to do it on my own. Is that possible?

  • Pete Ashdown says:

    Yes Philip at the address http://xmission.com/password (which will redirect you to another location for changing your password).

  • Peter says:

    Just to be clear, your xmission webmail password is the same as your account password. When you change one you change the other. There is only one password. I have encountered a few people confused by this.

  • Philip says:

    Thanks for the link Pete. I tried it but it did not change my webmail password. I will contact Support.

    Peter, you wrote:
    “Just to be clear, your xmission webmail password is the same as your account password. When you change one you change the other. There is only one password. I have encountered a few people confused by this.”

    Just so I’m clear, I do actually have two passwords: one is my account password, the other is my webmail password, and I am familiar with the difference. Perhaps this is because I set up webmail long after I set up my xmission account. I specifically remember the phone support person asking me what I wanted to set my webmail password to, and I thought it was odd that they had to set it. I imagine some of the people you encountered who you think are confused may actually have two passwords.

  • Pete Ashdown says:

    If you are using webmail to access a non xmission.com email address, you will have a different password from what you use to access xmission.com. XMission hosts many office and organizational emails outside of our xmission.com domain and it is possible that you may be using one of these.