Overview

As part of Conetix’s continual commitment to security, we have been running an analysis of weak passwords across our platforms. This analysis takes into account the ways in which we see attackers try to compromise passwords, and includes checks for dictionary words, simple combinations of words and numbers, and even basic letter substitution.

If you have received an email notifying you of a weak password, we have enforced a mandatory reset period of two weeks. If the password hasn’t been changed by then, we’ll force a new password. No email will be lost; however, your email client won’t be able to connect until you contact our support team for the new password.

Further reading

Secure Passwords: Why They’re Important


FAQ

Conetix has emailed me to tell me my password is weak but Plesk says it’s strong

This is because Conetix also takes your username and domain name into account when testing password strength. Plesk currently doesn’t review this data when assessing passwords, so it can unfortunately give a false impression of password strength. Plesk have marked this as bug PPPM-13796 and will fix it in the near future (thanks to the issue being reported by Conetix!).
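
The checks described in the overview and in the answer above, sketched as an added example (this is not Conetix’s or Plesk’s code). The word list, the substitution map, the four-character token minimum and the example.com accounts are constructed assumptions.

```python
import re

# Constructed sample list; a real audit would load a large dictionary.
WORDLIST = {"password", "welcome", "summer", "dragon", "letmein"}

# Assumed substitution map for "basic letter substitution".
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s",
                      "7": "t", "@": "a", "$": "s", "!": "i"})


def account_tokens(email):
    """Split user@domain into lowercase tokens; skip short ones like 'com'."""
    return {t for t in re.split(r"[^a-z0-9]+", email.lower()) if len(t) >= 4}


def candidate_forms(password):
    """Return the simplified forms that are checked against the word list."""
    lowered = password.lower()
    # Drop leading/trailing digits and symbols: "Summer2019!" -> "summer"
    trimmed = re.sub(r"^[^a-z]+|[^a-z]+$", "", lowered)
    forms = {lowered, trimmed, lowered.translate(LEET), trimmed.translate(LEET)}
    forms.discard("")
    return forms


def weak_reasons(password, email, wordlist=WORDLIST):
    """Return the reasons a password is weak; an empty list means none found."""
    forms = candidate_forms(password)
    reasons = []
    if forms & wordlist:
        reasons.append("dictionary word")
    # A password built from the mailbox name or domain passes generic
    # complexity rules but is among the first guesses for that account.
    if any(tok in form for tok in account_tokens(email) for form in forms):
        reasons.append("contains username or domain")
    return reasons


if __name__ == "__main__":
    # Constructed sample accounts and passwords.
    for pw, email in [("P@ssw0rd1", "info@example.com"),
                      ("Example#2021Mail", "info@example.com"),
                      ("vT9#qLm2xW!r", "info@example.com")]:
        print(pw, email, weak_reasons(pw, email))
```

The second sample has mixed case, digits, a symbol and 16 characters, so a checker that ignores the account name rates it as strong, yet it is flagged here because it is built from the domain.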

How can Conetix read my passwords?

Currently, passwords are stored in a reversible encryption format, which is only accessible with full root access to the server.

What does brute force mean?

From a system perspective, we only know whether a connection to your email is legitimate by the fact that the username and password are correct. Systems can therefore keep guessing over and over, which is what’s referred to as a brute force attack.

While we limit and even block remote systems which make too many bad attempts, attacking systems are clever in that they make only a small number of attempts per minute, and can do so from thousands of different systems so that there’s no single unique identifier to block them by.

Who would want access to my email anyway?

In short, a whole bunch of people. This email account could be used in a variety of malicious ways, such as sending spam email to others, using it for phishing and even distributing malware by pretending to be you and emailing an infected file to everyone you’ve had contact with.
