It might be tempting to assume that since you're a good person and have nothing to hide, strong passwords are unnecessary. Here's why that's not true:
Every day, Bad Guys try to break in to every computer on the internet. This is an automated process conducted by a network of criminal-controlled "bots", continuously trying usernames and passwords that might be valid.
Last month we experienced two painful reminders of this fact; both involved customer passwords being guessed and their accounts used without their consent. Both events caused brief service interruptions.
Too early on a Sunday morning in January, our operations team received alerts that the number of outbound email messages being refused by remote servers had suddenly increased. Upon investigation, we discovered that a single authenticated user was sending tens of thousands of messages through one of our mail servers. The messages were coming from multiple sources (in China, Indonesia, and Romania) and contained various advance fee scams (where a wealthy heiress offers you 10% of her 38.5 million dollar fortune, just for helping out).
We immediately terminated the connections, deleted the outbound mails, and changed the customer's password.
Also in January, we experienced several network disruptions caused by brief but massive floods of data emanating from our SSH shell server. It turned out that one customer's account was being used by people in multiple countries as a launch point for probing thousands of other servers, for the purpose of identifying additional easy-to-guess passwords! (And the cycle continues...)
While we have further work to do on the matter, we've recently made changes to OnSite to require stronger
passwords. For a super-strong password, you should use eight or more upper and lower case letters, numbers, and special characters (like #, @, %). For assistance, Microsoft offers a password strength checker and pwgen.net will generate random strong passwords for you.
We're also talking about password strength in the Feedback Community, so please drop by and let us know what you think.
The Bad Guys show no indication of slowing their continuous assault, so we hope everyone will take this opportunity to review and update their passwords. Even if you have nothing to hide.
-JM
Comments