Is My Password Wimpy?
Most people use passwords that are easy for them to remember so that they can check their email on the go, or from a computer they don’t ordinarily use. We do this using patterns we develop over time, usually for sentimental reasons: a childhood pet’s name, a sibling’s middle name, the year we were born, and so on are all easy for us to remember. RoverAmanda72 is much easier than those horrible passwords a generator will give you, and all you have to do is think, “Dog, sister, b’day,” to remember it! The problem is, a computer can crack that password very quickly, especially if that information about you is on the internet somewhere.
A good password is totally random, has nothing to do with you, has no (or few) real words in it, and doesn’t follow a pattern. Humans try to work with patterns, but computers absolutely depend on them. This means that using a truly random password increases the chances of keeping bots out of your email. You should also use completely different random passwords for everything you log into, so that if one password is cracked, whoever cracked it doesn’t get access to your entire digital life.
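As an added example (not part of the original article), the Python code below compares the two kinds of password described above: it estimates how many guesses a name-plus-name-plus-year password like RoverAmanda72 is worth to someone holding a list of personal details, and it generates a truly random password from the operating system's random source. The eight-word list, the 94-character alphabet and the 100-year span are assumptions made for illustration.

```python
import math
import re
import secrets
import string

ALPHABET = string.ascii_letters + string.digits + string.punctuation  # 94 symbols

# Constructed sample: details about one person that could be found online.
SAMPLE_PERSONAL_WORDS = ["Rover", "Amanda", "Daisy", "Miller",
                         "Springfield", "Tigers", "Mustang", "Lincoln"]

def random_password(length=16):
    """Draw every character independently from the OS random source."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))

def random_bits(length, alphabet_size=len(ALPHABET)):
    """Bits of entropy in a uniformly random password."""
    return length * math.log2(alphabet_size)

def pattern_bits(password, personal_words, year_span=100):
    """Bits of entropy if the password is only listed words and 2/4-digit years.

    Returns None when the password does not break down that way.
    """
    words = sorted((w.lower() for w in personal_words), key=len, reverse=True)
    rest, choices = password.lower(), 1
    while rest:
        word = next((w for w in words if rest.startswith(w)), None)
        year = re.match(r"\d{4}|\d{2}", rest)
        if word:
            choices *= len(words)      # any word on the list could sit here
            rest = rest[len(word):]
        elif year:
            choices *= year_span       # assumed range of plausible years
            rest = rest[year.end():]
        else:
            return None                # something outside the pattern
    return math.log2(choices)

if __name__ == "__main__":
    weak = pattern_bits("RoverAmanda72", SAMPLE_PERSONAL_WORDS)
    print(f"RoverAmanda72: about {weak:.1f} bits (2**{weak:.1f} guesses)")
    print(f"13 random characters: about {random_bits(13):.1f} bits")
    print("example random password:", random_password(13))
```

With these assumptions the patterned password is worth under 13 bits, while 13 random characters are worth about 85.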
So now you’re probably thinking, “Well, that’s nice, but I can’t remember a dozen or more completely random passwords!” And you’re in luck, since you don’t have to remember them. There are now password management services that will do that for you. Create an account, remember a single password, and let the management service remember the passwords to your other websites and services. Most of them, such as Dashlane, even have a free level, even if it means you can only use it on one device. Just Google “Password Manager.”
Help, I’m Blacklisted!
Okay, what happens if you choose not to use a random, super-hard-to-remember password? Well, a lot of things can happen! Probably one of the worst things that can happen, though, is getting blacklisted. That happens when a bot logs into your email and starts sending out emails to random addresses with whatever scam they’re running that day. Most email providers will only allow you to send up to 250 emails per day, and a bot will blast through those in less than a minute. Usually this gets your email deactivated until your password is reset, but the damage is already done. Now around 250 people are going to start reporting those emails to their hosts as spam, which the host, in turn, reports to services such as Barracuda (a service that tracks email and domain reputation). Most email hosts will check with multiple services like Barracuda when an email arrives to see whether the sender has a bad reputation. If so, the server will flag the message as spam, or, in extreme cases, completely reject it. And there are thousands of lists like Barracuda, which makes it extremely expensive and time-consuming to get your domain removed from them.
How Did They Get In?
The first question most people ask after their email has been broken into is, “How did they get in?” The answer to that is almost always, “With the password.” Really, there are two main ways to get your password:
- They guessed it. Sounds impossible, but computers can think a lot faster than we can. A computer can hammer at a login page using different combinations of words and numbers (which is why you shouldn’t use real words or number sequences in passwords), much faster than a human can. A good email hosting service will detect this after a few attempts and block the IP address of the computer trying to get in. But they don’t always catch it, which usually means…
- You gave it to them. Usually this is done through a tiny program called spyware or malware. The program gets installed in the background when you go to a website infected with it or open an attachment from an infected computer. The program will usually hide in the background watching what websites you go to and the passwords & usernames you type in to access them. After a while, this information gets sent to someone, who uses it to log into those services and wreak havoc.
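The blocking described under “They guessed it” can be shown with a short added example, which is not part of the original article and not any particular host's code: it reads login records and reports which IP address should be blocked once it has too many failed logins in a short time. The log format, the limit of 5 failures and the one-minute window are assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log (not real data): timestamp, source IP, account, result.
SAMPLE_LOG = """\
2024-05-01T09:00:00 198.51.100.20 amanda@example.com FAIL
2024-05-01T09:00:20 198.51.100.20 amanda@example.com FAIL
2024-05-01T09:00:41 198.51.100.20 amanda@example.com OK
2024-05-01T09:05:00 203.0.113.7 amanda@example.com FAIL
2024-05-01T09:05:01 203.0.113.7 amanda@example.com FAIL
2024-05-01T09:05:02 203.0.113.7 amanda@example.com FAIL
2024-05-01T09:05:03 203.0.113.7 amanda@example.com FAIL
2024-05-01T09:05:04 203.0.113.7 amanda@example.com FAIL
2024-05-01T09:05:05 203.0.113.7 amanda@example.com FAIL
"""

def ips_to_block(log_text, max_failures=5, window=timedelta(minutes=1)):
    """Return {ip: time the limit was hit} for IPs with too many recent failures."""
    recent = defaultdict(deque)      # ip -> failure times still inside the window
    blocked = {}
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 4:
            continue                 # ignore malformed lines
        stamp, ip, _account, result = fields
        if result != "FAIL" or ip in blocked:
            continue
        try:
            when = datetime.fromisoformat(stamp)
        except ValueError:
            continue                 # ignore lines with an unreadable timestamp
        failures = recent[ip]
        failures.append(when)
        while failures[0] < when - window:
            failures.popleft()       # forget failures older than the window
        if len(failures) >= max_failures:
            blocked[ip] = when
    return blocked

if __name__ == "__main__":
    for ip, when in ips_to_block(SAMPLE_LOG).items():
        print(f"block {ip} at {when.isoformat()}")
```

The person who mistyped a password twice and then logged in is left alone; the address that failed six times in five seconds is blocked at its fifth failure.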
What About Prevention?
Prevention is something that needs constant attention, but there are some things you can do to make it easier:
- Pick a quality email host. While it seems counterintuitive, a good email host will shut down your email if they detect a bot sending messages or trying to break in. This is to protect you from being blacklisted, which is a very good thing, if an inconvenience.
- Use a managed hosting provider. Web developers such as CYber SYtes manage your email service for you, so you’re not bombarded with terminology you don’t understand and decisions you don’t know how to make.
- Change your passwords often. Using a completely random password doesn’t mean that a bot can’t break it, only that it takes longer. Changing your passwords at least yearly adds to the difficulty of breaking them.
- Use a different password for every account. If you use the same password over and over, the chances are high that if one service gets broken into, the break-in will spread to other services with the same password.
- Don’t re-type passwords if you can help it. Use copy & paste to enter passwords instead of re-typing them. Spyware can’t see your password if you’re not typing it.
- Check your devices often for spyware and malware. Use scanners like Malwarebytes to scan your computer, or ask your website designer if they can recommend an IT company to keep your computers healthy.
- Use a password manager. Password management services can help you keep your passwords organized and even automatically log you into websites without constantly having to re-type the username and password.
- Check your domain reputation. Most services don’t do this unless you ask them to, so you’ll probably have to request it. Usually, though, a quick check only takes a few minutes and doesn’t cost anything.