Security is a shared responsibility. It is shared by the hosting company, it is shared by the software developers, and it is shared by the end-user.
In the case of e-mail security there are a number of things that can be done to increase security.
The biggest problem will be spam being sent out through your account. The hosting company can do a number of things to make things better. For starters we can use an always-on SSL connection. This helps prevent the so-called "man in the middle attack", where a hacker intercepts your Internet traffic and steals your email userid and password. They will then use your email userid and password to blast out spam through your email provider. This will likely get your email account shut down, your email address blacklisted, and your domain name reputation lowered. A lower domain name reputation increases the chances of your legitimate email being blocked as spam.
As for the end-user's part of the shared responsibility, probably the single most important factor will be the user password. It all comes down to the password, and when it comes to passwords, length is the most important factor. The longer the password, the harder it is for a hacker to crack (guess).
We definitely want to use as wide an alphabet as possible. This means having uppercase letters, lowercase letters, digits, and special characters in your password. Special characters are the characters created by using the shift key with the number keys.
Even with all this, a longer password is better. In fact a decent minimum length for a password is 12 characters. I know a lot of people are used to an 8 character password. A 12 character password is significantly better. A 12 character password has on average around a 5,000 year crack potential. This means it would take a malicious hacker using current computing methods about 5,000 years on average to crack a 12 character password.
Even with the very greatest technology, if your password hash is stolen and the bad guys perform the cracking on supercomputers, the process still takes well over 100 years on average. This is more than enough security for the time being. If this seems like overkill, keep in mind that every 18 months computing power capacity doubles, so the average length of time to crack a password drops in half.
You may feel like a 10 character password, which currently takes 12 to 18 months to break, is sufficient. A year and a half from now that 10 character password will only take half as long to crack.
So, as a human being, how do you remember long passwords? After all, 12 characters is the minimum starting point and 20 characters is better. It is actually not that hard to create a long password that is easy to remember and hard for computers to break.
Start with three or maybe four words that you can remember. They don't necessarily have to be meaningful to you, although that can help. Perhaps the name of the street that a past friend of yours lived on coupled with a game that the two of you played. For example, maybe your friend used to live on Ocean Avenue and you used to play Monopoly. String this together and you have OceanAvenueMonopoly. Throw in some digits, perhaps the year that you and this friend were playing together. Now we have OceanAvenueMonopoly1995 for your password, which is 23 characters in length. Yet you can remember this password surprisingly easily. Toss in a special character, such as & or $, or maybe put underscores between words, such as OceanAvenue_Monopoly1995, and you have a 24 character password that is extremely hard to break but rather easy for you to remember.
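To make the length and alphabet arithmetic above concrete, here is a small added calculator (not code from the original post). It assumes a US-keyboard character set, averages over half the search space, an attacker guess rate that is a constructed figure, and the 18 month doubling rule stated above; it scores the page's own example passwords alongside 8, 10, 12 and 20 character passwords drawn from the full alphabet.

```python
"""Brute-force search-space arithmetic for the password advice above.

Model: average guesses needed = alphabet_size ** length / 2, and attacker
capacity doubling every 18 months (the page's rule of thumb).
"""
import string

# Assumed character-class sizes for a US keyboard (assumption, not from the page).
CLASS_SIZES = {
    "lower": (set(string.ascii_lowercase), 26),
    "upper": (set(string.ascii_uppercase), 26),
    "digit": (set(string.digits), 10),
    "special": (set(string.punctuation), len(string.punctuation)),  # 32 symbols
}
SECONDS_PER_YEAR = 365.25 * 24 * 3600


def alphabet_size(password: str) -> int:
    """Size of the union of character classes an attacker must search."""
    return sum(size for chars, size in CLASS_SIZES.values() if set(password) & chars)


def keyspace(length: int, alphabet: int) -> int:
    """Number of candidate passwords of the given length over the alphabet."""
    return alphabet ** length


def average_crack_years(length: int, alphabet: int, guesses_per_second: float) -> float:
    """Expected time to hit the password, assuming half the keyspace is searched."""
    return keyspace(length, alphabet) / 2 / guesses_per_second / SECONDS_PER_YEAR


def years_after_growth(years_now: float, months_elapsed: float) -> float:
    """Attacker capacity doubles every 18 months, so crack time halves."""
    return years_now / 2 ** (months_elapsed / 18)


if __name__ == "__main__":
    RATE = 1e11  # assumed offline guesses/second for a GPU rig (constructed figure)
    for length in (8, 10, 12, 20):
        years = average_crack_years(length, 94, RATE)
        print(f"{length:2d} chars over 94-symbol alphabet: {years:.3g} years")
    for pw in ("OceanAvenueMonopoly1995", "OceanAvenue_Monopoly1995"):
        size = alphabet_size(pw)
        years = average_crack_years(len(pw), size, RATE)
        print(f"{pw}: alphabet {size}, {years:.3g} years")
```

Each extra character multiplies the work by the alphabet size, which is why going from 8 to 12 characters dwarfs the gain from adding one more character class.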
A great resource for checking how long a password can take to be cracked can be found here:
Then, of course, you need to change your password regularly, at least a couple of times per year. The Payment Card Industry (PCI) requires new passwords every 30 days. This is a lot, but quite frankly if you make passwords this long, and you change them a couple of times per year, I believe you will be in a much better place than you were beforehand.
This has been another episode of “Life in the Datacenter” with Jack.