Domain owners should be concerned about their own security precautions, not just those of domain registrars.
Ever do something really stupid? That was me last night.
I had a couple passwords for brokerage accounts at home that I wanted to access from my laptop. I know it’s not a great idea to send passwords via email, so I sent a cryptic email to myself that included two account login IDs and partial passwords.
There was just one problem. When I typed the email out to myself, I somehow managed to send it to a distribution list with over 1,000 people. So much for auto-complete.
Practically speaking it wasn’t that bad, since the email didn’t identify much about the accounts. Upon learning of my mistake, I immediately changed the account usernames and passwords. More than anything, I’m just red in the face. Kind of like what happens when you forget to bcc an email.
When it comes to domain registrar security, we often point the finger at registrars for not storing passwords correctly, not passing logins through secure connections, etc. These are all important, but keep in mind that the most likely cause of a security breach is you.
Here are some password and security tips:
1. Don’t use the same password across domain-related sites, such as forums, registrars, and subscription services. If one site is compromised, the hackers will try the same password at the others.
2. Use strong passwords. A friend who worked at a utility told me something like 80% of all passwords customers entered were “password” or “jesus”.
3. Change your passwords frequently. Have a routine schedule for making changes.
4. Don’t send your passwords out to mailing lists 🙂
Elliot says
Andrew,
Got your email. While “ILoveBritneySpears” is quite a long password, I would suggest using numbers and characters in future passwords. Hope your wife wasn’t on the mailing list, too. Secret’s safe with me (and everyone else). 🙂
Andrew says
OK, I’ve changed the password to ILoveAngelinaJolie.
Oops, did I just post that?
John Bomhardt says
Good thing it wasn’t “ILoveBarbies”…hmmm?
LD says
Hey, I wasn’t on the distribution list.
I agree with your list and totally like the idea of #3. Change your passwords frequently and have a routine schedule for making changes.
jp says
I find with my customers these passwords are common (In order of how common)
#1: blank (no password just hit enter)
#2: password
#3: love
#4: their kid’s name
#5: their dog’s name
#6: spouse’s name
This list probably covers about 90% of my customers before I get to them and force them to change their password.
Andrew says
Only 1,000 of my not-so-close friends in Austin got it.
As a word of warning to those of you using Gmail, the autocomplete feature works differently than Outlook and most other email programs.
In this case, the email I was sending it to started with “austin”. But when you start typing that into email it does a search for the email rather than looking for emails that start with the word. So it found another email address with “austin” in it.