Posts Tagged ‘passwords’
Survey identifies worst password practices
Written by John P Mello Jr on February 9, 2010 – 5:40 pm -
20 percent of accounts could be compromised in 5000 attempts.
A recent study of some 32 million pilfered passwords has exposed some revealing lessons on how computer users choose their watchwords.
The analysis, conducted by the Imperva Application Defense Center, discovered that 60 percent of users picked passwords from a limited set of alphanumeric characters. What’s more, 50 percent of the watchwords were names, slang, dictionary words or trivial passwords, such as 123456 or “Password.”
What distinguishes this study from similar research in the past is that, rather than being based on user surveys, this analysis is based on a database of actual user passwords, which were stolen by a hacker and posted to the Internet as plain text.
“The shortness and simplicity of passwords means many users select credentials that will make them susceptible to basic, brute force password attacks,” the researchers wrote in their white paper.
“Ironically,” they added, “the problem has changed very little over the past 20 years. In 1990, a study of Unix password security revealed that password selection is strikingly similar to the 32 million breached passwords.”
When scrutinizing the purloined passwords, the researchers used standards published by NASA for the creation of strong watchwords. Here’s how the words fared against those benchmarks.
NASA recommends that passwords be at least eight characters long. The researchers found that nearly half (49.4 percent) of the filched watchwords contained seven characters or fewer. What’s more, more than 30 percent of them were six characters or fewer. By comparison, more than 28 percent of the passwords in the mix were greater than eight characters in length.
Christmas Checklist for Email Admins
Written by Paul Cunningham on December 24, 2009 – 3:59 pm -
The end of the year is upon us, and for most of us this means time off from work to celebrate Christmas with our families and take a much needed break. But before we shut down our computer and head out the door there are a few extra things that email admins need to think about.
Patches and Security Updates
The run-up to an extended break is a good time to double-check that your email servers are up to date with the latest security updates.
This includes updates for the server operating system, the email server application, and any other components on the servers such as backup agents, faxing software, and antivirus agents.
Even if your patching is automated it might pay to manually apply the latest updates now so that any problems that arise can be dealt with while you are still at the office. You don’t want to get a phone call while you’re relaxing because the server was knocked offline by an automated update.
Backups
A lot of businesses use the end of the year to take a full backup of systems to store as a long term archive. This is best performed while you are still available to assist with any issues and make sure that the backup is 100% successful and can be relied upon later for recovery if necessary.
At the same time some businesses halt their backups over the holidays if no staff will be present to change backup tapes. For Exchange servers it is important to ensure that enough transaction log space is available for the server to run without backups for a week or more.
Support Calls
Nothing is worse than getting phone calls on your holiday for simple questions or problems. If the business is still operating over the Christmas period and you might get phone calls from the Help Desk or on call staff then you can save yourself from being bothered by putting the right documentation and systems in place.
Troubleshooting Outlook Password Problems
Written by Mike Rede on October 21, 2009 – 4:44 pm -
Password problems can be perplexing – sorry, I couldn’t resist the tongue twister.
Seriously, administrators will have the challenge of correcting password issues under time constraints as business activities and users are all working toward completing projects on time. So having a tool chest of techniques for solving and correcting password issues is a requisite of any good administrator.
One problem that you will encounter from time to time is when passwords are not being kept by Outlook even though they have been specified to be retained. This may happen even if the “Save Password” box has been checked.
Several solutions have been offered on the internet.
Deleting User Account Information
One solution involves deleting the user account information and resetting the password. This method involves making changes to the Registry. As always, back up the registry before you make any changes to it.
There are other times when Outlook doesn’t remember the passwords after the operating system has been reinstalled. The system is configured correctly, in that the correct passwords are in the account properties, but when the end user attempts to send or receive an email the username and password dialog box pops up.
Disabling Prompts
Another solution you can try is to disable the prompt that asks to save passwords. Open the Control Panel by clicking the Start button in the lower left corner of the screen and then clicking Control Panel. Once the Control Panel is open, double-click Internet Options and select the Content tab. Next, click the AutoComplete button in the Personal Information section. Check the box for “User names and passwords on forms” and uncheck the box for “Prompt me to save passwords”. Then close Outlook, restart it and try your password again.


