Knowledge Essentials - 3Essentials Hosting

Webmail prompts me to change my password due to password requirements

Article ID: 1808


Question:

Webmail prompts me to change my password due to password requirements

Answer:

To further enhance security and prevent abuse of customer email accounts resulting from weak passwords set by our users, 3Essentials has increased email password complexity requirements. As a result, when logging into the webmail interface, you may be required to update your password, and the password complexity requirements may be more stringent than before.

Currently, the enforced requirements are:

  • minimum of 8 characters
  • number required
  • uppercase character required
  • lowercase character required
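
A check for these four rules, as an added example (not 3Essentials' or the mail server's own code). The denylist step and its entries are assumptions added here, because a constructed password such as "Password1" meets all four rules while still being easy to guess.

```python
import re

MIN_LENGTH = 8  # from the requirements list above

# Constructed denylist for illustration; the first three entries are the weak
# passwords this article mentions. A real deployment would load a larger list.
COMMON_PASSWORDS = {"123456", "1234567", "password", "qwerty", "letmein", "welcome"}


def policy_violations(password):
    """Return the list of this article's rules that the password fails."""
    failed = []
    if len(password) < MIN_LENGTH:
        failed.append("minimum of 8 characters")
    if not any(c.isdigit() for c in password):
        failed.append("number required")
    if not any(c.isupper() for c in password):
        failed.append("uppercase character required")
    if not any(c.islower() for c in password):
        failed.append("lowercase character required")
    return failed


def is_common_variant(password):
    """Assumed extra check (not one of the article's rules): flag a common
    password with changed case and digits or symbols added at either end."""
    lowered = password.lower()
    core = re.sub(r"^[\W\d_]+|[\W\d_]+$", "", lowered)
    return lowered in COMMON_PASSWORDS or core in COMMON_PASSWORDS


def check_password(password):
    """Combine both checks; an empty list means the password is accepted."""
    problems = policy_violations(password)
    if is_common_variant(password):
        problems.append("based on a commonly used password")
    return problems


if __name__ == "__main__":
    # Constructed sample inputs.
    for candidate in ["123456", "password", "Password1", "Tr4vel-lamp-Ocean"]:
        print(f"{candidate!r}: {check_password(candidate) or 'accepted'}")
```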

Question:

I find this inconvenient, I don't want a complex password.

Answer:

Unfortunately, hackers and spammers are a reality, and via automated bots they are constantly attempting to guess passwords for user accounts. Without password complexity requirements, many users unfortunately make common and poor choices for passwords, like "123456" or the slightly more complex "1234567". Even in 2012, with most internet users knowledgeable about hackers and malware, some users are still using the tried and true password of "password". As a result, these passwords are easily guessed by hackers, and the users' mail accounts are then used to send massive batches of spam.

When this occurs, the sending mail server will often get blacklisted on spam blacklisting services.  This then impacts the ability of all email users on the same server to send mail.  For SHARED hosting, this means a poor password choice by a single user can impact the email sending ability of hundreds of email users. 

Unfortunately, we've continued to see this scenario occur. In the interest of ensuring mail services to all users are not impacted as a result of weak password choices from other users, we are increasing our email password complexity requirements on SHARED HOSTING servers. This mechanism is to protect our customers and to ensure the availability of mail services for all customers of our SHARED HOSTING services. Exceptions cannot be granted on a per-domain or per-user basis.

For MANAGED Virtual Server and MANAGED Dedicated Server customers, we will set password complexity requirements to the customer's desired level, within the available options supported by the mail server product. 

Question:

This means I have to change passwords on a bunch of my email accounts all of a sudden - that's inconvenient!

Answer:

Probably not. Please note that you don't have to change all accounts today: all existing passwords work fine, and will continue to work fine via POP/SMTP/IMAP based connections. You're only prompted to change your password if you log in via webmail. So if you had 100 email users, you'd only have to change 100 accounts if all 100 of those users are using webmail exclusively. It's very rare that users exclusively use webmail; typically webmail is used only supplementally, i.e., for when a user is travelling. If they never use webmail, they won't ever be prompted to change their password. However, if at some point they want to change their password, they would then be required to meet the new password complexity requirements. As such, we don't expect this change to cause significant impact to users or domain administrators, as users will be able to change their passwords gradually.
