In last few months, we have noticed a huge amount of spam mails originating from our servers due to the compromised email accounts. We wanted to give our users the freedom to choose their passwords. However we don't want to open a security threat on our servers due to weak passwords set up for these accounts. So we are updating our password policy on our Windows shared hosting servers so that weak email account passwords cannot be set. This change will help harden the security of accounts from brute force and dictionary attacks which are the most common form of account compromise.
When will this change implemented?
We will enforce this password update policy change on all our Windows Plesk shared hosting servers soon by next week one server at a time. If weak passwords are set, we will notify you by sending an email.
What has to be done?
If you have set up weak passwords for email accounts, you need to reset it to a strong password immediately. If you fail to do so, then our system administrator will change the password and provide you new password through email which can be later reset by you using Plesk panel with your choice of password.
In such cases, if you are unable to access the email accounts using the old passwords, you can reset it from the Plesk panel. Also, if you have configured your email accounts using any email clients (like Outlook, Thunderbird, etc) then you need to update the new password in your email client.
What are the requirements of a strong password?
Password strength: When users set a new password in the system (create a new one or change an existing one), they are required to adjust the password according to the minimum strength requirements specified. The strength of a password is calculated based on its overall length and complexity (usage of digits, upper and lower-case letters, and special characters).
Minimum password strength: Very strong
These passwords are at least 16 characters long and include multiple occurrences of upper and lower-case characters, digits, and special symbols. Example: ~!my_P@$$w0rD123. Such passwords provide the best possible protection, though they are rather hard to remember.
It is always recommended to set strong passwords for your accounts (Plesk accounts, FTP, email, database users).
Please feel free to contact our support helpdesk in case you need any help.
Thursday, February 11, 2016