XMission's Company Journal

How Secure is your Password?

Many of us have seen or personally experienced identity theft and financial fraud, so, why don’t we think about email fraud? Typically, we realize that something is wrong with our email accounts only after they have been compromised by a third party.

Today, we want to let you know that compromised email often happens because of password security issues. Our passwords are some of the most important things to keep secure in today’s digital world.

There are typically two primary reasons accounts are compromised, creating theft and fraud. Here at XMission we do everything we can to fight and prevent this from happening but we just can’t block it all.

The first and most common reason for a compromised account is because of someone clicking on a link or replying to a “phishing email.” Wikipedia describes phishing as “an attempt to obtain sensitive information such as usernames, passwords, and credit card details (and, indirectly, money), often for malicious reasons, by disguising as a trustworthy entity in an electronic communication.” These communications typically pretend to come from a trusted company and tell you that there is some kind of account change required. The email will usually ask you to provide private information such as your username, password, or credit card details.

The second common situation is that you fall victim to a brute-force attack or a personal attack. It’s common for a malicious individual or group to want to access or attack your account. This could be for personal reasons, or just because your email happens to be on an automated list. Unfortunately, it’s extremely hard to figure out why it’s happening or who is doing it.

It is not only important to have secure passwords for the services and websites you frequently visit on the Internet, it is equally important to change them with regularity. Changing your passwords every six or 12 months and keeping your password complex are the best ways to fight fraud.

Currently, XMission requires 50 bits of entropy (and recommends 125 bits of entropy), which is a measurement of password strength. In order to achieve this level, passwords should be no less than 12 characters long. It is recommended to have your password contain a combination of uppercase letters, lowercase letters, numbers, and special characters. Using passwords that meet these requirements lowers your overall risk of brute attacks and personal attacks.

We invite you to check the difficulty of your current password by using this site. From here you can see how long it would take a computer automated system to gain access to your account. If your current password doesn’t feel strong enough to you and doesn’t meet our requirements we ask that you update it now.

You can update your password anytime at or contact our customer support 24/7. Remember, XMission will never ask you for your password over email. Any password request over email is most likely an attempt by someone to gain access to your account and information. Be aware and verify who is requesting information before giving out any personal details or passwords.


, , ,

Comments are currently closed.

2 thoughts on “How Secure is your Password?

  • Peter says:

    Thank you for the article on passwords and for being security conscious. My question is actually about ssh keys. Does Xmission by chance expire our ssh keys on our shell accounts after a period of time? I ask because my keys stopped working a couple of weeks ago and I had to create new ones.

    At first I feared a man-in-the-middle attack but it happened at different times on different computers. I finally assumed it was because my old keys used DSA and you now recommend RSA for our keys. Then again maybe it was just an address change on the server.

    Thanks again for your security concern and looking out for us.

  • I prefer measuring password security by entropy rather than arbitrary metrics. See for guessing the entropy of a password, based on the zxcvbn.js project by Dropbox. Unlike magic hand-waving, zxcvbn.js is based on rigorous mathematics, known properties about English, and known other tested heuristics.