Password Policy Enforcement
Since we began hosting our clients, we have given them a certain freedom with their passwords. We’ve always advised our clients on the best practices for their passwords and we’ve made every effort to safeguard those passwords, but this only goes so far. Starting today, October 14, 2020, we are enforcing best practices for passwords across all servers, all accounts, all emails!
What It Means for You
If you have been using our recommendations for your passwords, nothing will change for you at all. However, if you’ve been relaxed about changing your password, or if your password contains a dictionary word or exists in a cracked database, you’re going to find that your backup email account gets a new email. If you don’t have a backup email, your account will just be locked and you will need to call us to have this reset.
What It Does
For all accounts, we’re checking that your passwords are at least 8 characters long, do not contain dictionary words, and have not been previously compromised. If our system finds that your password is less than 8 characters long, contains a dictionary word, or has been previously compromised elsewhere, you will be prompted to change your password when you try to set it. If our system later finds that either your password has been compromised or that you have used it for more than 60 days, you will be given a 7 day warning email to change your password. Failure to do so results in your account being locked and recoverable only by the lost-password feature located at email.goldsborowebdevelopment.com (if you have a backup email; if not, you must contact us to reset your password).
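The checks described above can be sketched as follows. This is an added example, not our production code: the function names, the tiny word list, the SHA-1 breach set, the substring-based dictionary match and the exact day boundaries are all assumptions made for illustration.

```python
import hashlib
from datetime import timedelta

MIN_LENGTH = 8                  # "at least 8 characters long"
MAX_AGE = timedelta(days=60)    # "used it for more than 60 days"
GRACE = timedelta(days=7)       # "7 day warning email"

# Constructed sample data; a real deployment would load a full word list
# and a breach corpus (assumed here to be stored as SHA-1 digests).
DICTIONARY = {"password", "dragon", "sunshine", "welcome"}
BREACHED_SHA1 = {hashlib.sha1(p.encode()).hexdigest()
                 for p in ("Tr0ub4dor&3", "qwerty123456")}

def contains_dictionary_word(password, min_word_len=4):
    # Case-insensitive substring match; very short words are skipped
    # (assumption) so that "a" or "at" do not reject every password.
    lowered = password.lower()
    return any(w in lowered for w in DICTIONARY if len(w) >= min_word_len)

def is_breached(password):
    return hashlib.sha1(password.encode("utf-8")).hexdigest() in BREACHED_SHA1

def check_new_password(password):
    """Return the reasons a password is rejected when it is being set."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("too_short")
    if contains_dictionary_word(password):
        problems.append("dictionary_word")
    if is_breached(password):
        problems.append("compromised")
    return problems

def account_state(set_on, today, found_compromised_on=None):
    """Return "ok", "warned" or "locked" for an existing password."""
    # First day the password is *more than* 60 days old (assumed boundary).
    triggers = [set_on + MAX_AGE + timedelta(days=1)]
    if found_compromised_on is not None:
        triggers.append(found_compromised_on)
    warned_on = min(triggers)
    if today < warned_on:
        return "ok"
    if today < warned_on + GRACE:
        return "warned"
    return "locked"
```

A password is accepted at set time only when `check_new_password` returns an empty list; `account_state` models the later warning and lock, whichever trigger (age or discovered compromise) comes first.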
What Good Comes of It
With password enforcement, you will find that there will be a higher email delivery rate: fewer accounts will be compromised, which gives us a higher ratio of legitimate email to spam and improves our servers’ reputations with all other email providers. That means email is more reliable, and there is less work for us to do in trying to repair email server reputations, because we are addressing the root cause of the reputation loss: account compromises.
We have in the past taken other measures, which we are keeping in place, including outbound spam checking and email throttling. The spam checking proved to be very unreliable, because it was a large contributor to CPU load and the system would sometimes stop checking outbound spam when it detected high email load. We also had a system in place that limits outbound and inbound emails per email account and per domain. We will be keeping this in place along with the spam checking. These features did help and minimized the reputation losses, but they only lessened them rather than preventing them. A great password enforcement policy should almost outright prevent all reputation losses in the future and keep our servers safe and secure for all email account owners.
If you have any questions or concerns with this new policy and feature, please call us any time during normal business hours at 919-648-1333.