Difference between revisions of "Compromised"

From XMission Wiki
(Compromised)
(Password Criteria & Guidelines)
 
(10 intermediate revisions by 2 users not shown)
Line 1: Line 1:
=Compromised=
+
XMission email and how to tell what is going on with your mailbox.
  
Hackers want access to anything they can get their hands on, that includes your email account. Your email account can be used to send out spam email. How did they get your password? Before we talk about how they got your password lets review some practices of having a secure password.  
+
==Traditional XMission.com email==
 +
 
 +
When you try to log into https://webmail.xmission.com do you get something like this?<br>
 +
[[File:Compromised-1.png]]
 +
 
 +
If so, your account may have been compromised and you will need to call Technical Support.
 +
 
 +
 
 +
==Hosted Zimbra business email==
 +
 
 +
This area explains what happens to hosted Zimbra mailboxes that have been locked due to abuse: https://wiki.xmission.com/Hosted_Email:_Admin_Panel#Mailbox_locked_for_abuse
 +
 
 +
 
 +
== How mailboxes are locked for abuse==
 +
 
 +
Let's take a look and find out what how this may have happened.
 +
 
 +
Hackers want access to anything they can get their hands on, including your email! Your account can be abused to send out spam email.  
 +
 
 +
This abuse can be due to any of the following reasons;
 +
* Successfully compromised by a phishing attempt and shared their password with someone they shouldn't have.
 +
* Use of a previously compromised password on another Internet site or service.
 +
* Malware on a computer or device.
 +
* Rootkit on the computer.
  
 
==Lets take a look at what makes a bad password==
 
==Lets take a look at what makes a bad password==
 
#Do not use only letters or numbers
 
#Do not use only letters or numbers
#Do not use names of your family members, spouses, boyfriends, girlfriends or pets
+
#Do not use names of your family members, significant others, or pets
 
#Do not use your phone number, birthdates or Social Security numbers
 
#Do not use your phone number, birthdates or Social Security numbers
#Do not use your username
+
#Do not use incorporate your username or name of the service provider
 
#Do not use any words that can easily be found in a dictionary
 
#Do not use any words that can easily be found in a dictionary
  
Some things you might want to think about also is '''NOT''' using some of the most common passwords -
 
#password
 
#changeme
 
#123456
 
#admin
 
  
 
==Password Criteria & Guidelines==
 
==Password Criteria & Guidelines==
  
#Passwords must be between 6 and 32 characters in length and are case-sensitive.  
+
#Passwords must be between 8 and 128 characters in length and are case-sensitive.  
#Passwords must contain both alphabet and numeric or special characters.
+
#Passwords must contain a minimum of 1 upper case letter, 1 lower case letter, a number, and symbol.
#The most secure passwords are random. Visit passwordcard.org to generate random passwords for all your online accounts.
+
# Secure passwords are long and randomized. Visit https://passwordcard.org or https://ae7.st/g/index.html for random password generators
#You cannot change your password to the same password, or use your account name as your password.
+
#You cannot change your password to be the same as any of your past 10 passwords.
 +
#Never re-use old passwords from other Internet sites, especially those which may have been compromised. Check here: https://haveibeenpwned.com/
 +
 
 +
==Change your password often==
 +
We know it may be hard to keep track if you have multiple passwords. However it is suggested that you change your password at least once a year. Some companies require password updates every 90 days. This is a great habit to get into. Lastly, password managers like BitWarden, KeePass, and others, make keeping your online data easier. Many have free and paid options.  
  
  
==Change your password often==
+
 
We know it may be hard to keep track if you have multiple passwords. However it is suggested that you change your password often, once to twice a year. Most companies required you to change your password every 90 days. This is a great habit to get into. You can use sites like LastPass to store your passwords if you do not remember them.
+
[http://xmission.com/password Change your Password]
 +
 
 +
[[Category: Security]]
 +
[[Category: Email]]
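
Review bot: The added bad-password rule "#Do not use incorporate your username or name of the service provider" has a doubled verb; it should read "Do not incorporate your username or the name of the service provider". In the new "How mailboxes are locked for abuse" section, "find out what how this may have happened" has a stray "what", and the first added bullet ("Successfully compromised by a phishing attempt and shared their password...") has no subject, so it is unclear who "their" refers to. The intro to that list also ends in a semicolon where a colon is meant.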

Latest revision as of 12:57, 26 May 2022

XMission email and how to tell what is going on with your mailbox.

Traditional XMission.com email

When you try to log into https://webmail.xmission.com do you get something like this?
Compromised-1.png

If so, your account may have been compromised and you will need to call Technical Support.


Hosted Zimbra business email

This area explains what happens to hosted Zimbra mailboxes that have been locked due to abuse: https://wiki.xmission.com/Hosted_Email:_Admin_Panel#Mailbox_locked_for_abuse


How mailboxes are locked for abuse

Let's take a look and find out how this may have happened.

Hackers want access to anything they can get their hands on, including your email! Your account can be abused to send out spam email.

This abuse can be due to any of the following reasons:

  • The user was successfully compromised by a phishing attempt and shared their password with someone they shouldn't have.
  • Use of a previously compromised password on another Internet site or service.
  • Malware on a computer or device.
  • Rootkit on the computer.

Let's take a look at what makes a bad password

  1. Do not use only letters or numbers
  2. Do not use names of your family members, significant others, or pets
  3. Do not use your phone number, birthdates or Social Security numbers
  4. Do not incorporate your username or the name of the service provider
  5. Do not use any words that can easily be found in a dictionary


Password Criteria & Guidelines

  1. Passwords must be between 8 and 128 characters in length and are case-sensitive.
  2. Passwords must contain a minimum of 1 upper case letter, 1 lower case letter, a number, and a symbol.
  3. Secure passwords are long and randomized. Visit https://passwordcard.org or https://ae7.st/g/index.html for random password generators.
  4. You cannot change your password to be the same as any of your past 10 passwords.
  5. Never re-use old passwords from other Internet sites, especially those which may have been compromised. Check here: https://haveibeenpwned.com/
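
The criteria above, together with the username/provider rule from the bad-password list, written as a checker. This is an added example, not XMission's code: the function names, the PBKDF2 iteration count, the salted-hash history store and the case-insensitive substring match are all assumptions made for illustration.

```python
import hashlib
import hmac
import os

MIN_LEN, MAX_LEN, HISTORY_DEPTH = 8, 128, 10   # limits stated in the criteria above
ITERATIONS = 100_000                           # example value, an assumption

def _hash(password: str, salt: bytes) -> bytes:
    # Assumption: past passwords are kept only as salted PBKDF2 hashes, never plaintext.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

def remember(history: list, password: str) -> None:
    """Append a salted hash and keep only the last HISTORY_DEPTH entries."""
    salt = os.urandom(16)
    history.append((salt, _hash(password, salt)))
    del history[:-HISTORY_DEPTH]

def violations(password: str, username: str, provider: str, history: list) -> list:
    """Return the names of the rules the candidate breaks (empty list = accepted)."""
    found = []
    if not MIN_LEN <= len(password) <= MAX_LEN:
        found.append("length")
    classes = {
        "upper": any(c.isupper() for c in password),
        "lower": any(c.islower() for c in password),
        "number": any(c.isdigit() for c in password),
        # Anything that is neither a letter, a digit nor whitespace counts as a symbol.
        "symbol": any(not c.isalnum() and not c.isspace() for c in password),
    }
    found += [name for name, present in classes.items() if not present]
    lowered = password.lower()
    if any(word and word.lower() in lowered for word in (username, provider)):
        found.append("contains-name")
    # Re-hash the candidate under each stored salt; compare in constant time.
    if any(hmac.compare_digest(_hash(password, salt), digest)
           for salt, digest in history):
        found.append("reused")
    return found

if __name__ == "__main__":
    past = []                                  # constructed sample history
    for i in range(11):
        remember(past, f"Old-Passw0rd-{i}!")
    print(violations("alice2022", "alice", "xmission", past))
    print(violations("Old-Passw0rd-5!", "alice", "xmission", past))
```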

Change your password often

We know it may be hard to keep track if you have multiple passwords. However, it is suggested that you change your password at least once a year. Some companies require password updates every 90 days. This is a great habit to get into. Lastly, password managers like Bitwarden, KeePass, and others make keeping your online data secure easier. Many have free and paid options.


Change your Password: http://xmission.com/password