The Weakest Security Link is You

Domain owners should be concerned about their own security precautions, not just those of domain registrars.

Ever do something really stupid? That was me last night.

I had a couple passwords for brokerage accounts at home that I wanted to access from my laptop. I know it’s not a great idea to send passwords via email, so I sent a cryptic email to myself that included two account login IDs and partial passwords.

There was just one problem. When I typed the email out to myself, I somehow managed to send it to a distribution list with over 1,000 people. So much for auto-complete.

Practically speaking it wasn’t that bad, since the email didn’t identify much about the accounts. Upon learning of my mistake, I immediately changed the account usernames and passwords. More than anything, I’m just red in the face. Kind of like what happens when you forget to bcc an email.

When it comes to domain registrar security, we often point the finger at registrars for not storing passwords correctly, not passing logins through secure connections, etc. These are all important, but keep in mind that the most likely cause of a security breach is you.

Here are some password and security tips:

1. Don’t use the same password at various domain sites, such as forums, registrars, and subscription services. If one is compromised, the hackers will try that password at the other sites.

2. Use strong passwords. A friend who worked at a utility told me something like 80% of all passwords customers entered were “password” or “jesus”.

3. Change your passwords frequently. Have a routine schedule for making changes.

4. Don’t send your passwords out to mailing lists :)



Comments

  1. October 8th, 2008 | 3:11 pm

    Andrew,

    Got your email. While “ILoveBritneySpears” is quite a long password, I would suggest using numbers and characters in future passwords. Hope your wife wasn’t on the mailing list, too. Secret’s safe with me (and everyone else). :-)

  2. Andrew
    October 8th, 2008 | 3:23 pm

    OK, I’ve changed the password to ILoveAngelinaJolie.

    Oops, did I just post that?

  3. October 8th, 2008 | 3:54 pm

    Good thing it wasn’t “ILoveBarbies”…hmmm?

  4. LD
    October 8th, 2008 | 9:21 pm

    Hey, I wasn’t on the distribution list.

    I agree with your list and totally like the idea of #3. Change your passwords frequently and have a routine schedule for making changes.

  5. jp
    October 8th, 2008 | 10:50 pm

    I find with my customers these passwords are common (In order of how common)

    #1: blank (no password just hit enter)
    #2: password
    #3: love
    #4: their kid’s name
    #5: their dog’s name
    #6: spouse’s name

    This list probably covers about 90% of my customers before I get to them and force them to change their password.

  6. Andrew
    October 9th, 2008 | 1:22 am

    Only 1,000 of my not-so-close friends in Austin got it.

    As a word of warning to those of you using Gmail, the autocomplete feature works differently than Outlook and most other email programs.

    In this case, the email I was sending it to started with “austin”. But when you start typing that into email it does a search for the email rather than looking for emails that start with the word. So it found another email address with “austin” in it.
