Imagine your email routine. You log into your email and sit back to tackle your correspondence. You notice with some pleasure that there is a lot less spam than usual, and note that there generally is a light load to address. But then suddenly the mail you were about to read is gone. A few minutes later a few messages appear again and you start reading them. Then, boom - they are gone too. Panic takes hold.
This is the sort of thing that we all imagine can't happen to us - but it is possible, and it did happen to a Kabissa member this week. It took a few days for them to realize what was going on, and it took an inquiry to Kabissa tech support to confirm it. We reviewed the server log files and found that the member's mail was indeed being picked up from somewhere else - by someone else.
What is the lesson learned? We are all at risk of this sort of thing happening to us if we do not change our passwords from time to time. We all have to tell colleagues our passwords for one reason or another during the course of our work. That is perfectly okay and we know who we trust, but there is a risk of passwords falling into wrong hands. This member doesn't even know who could possibly be accessing their email.
Related Content on Kabissa:
Links:
[1] http://www.kabissa.org/about/news/how-can-i-make-my-e-mail-private-and-secure
[2] http://www.kabissa.org/about/news/why-should-i-provide-e-mail-mailboxes-my-staff
[3] http://www.kabissa.org/about/news/i-can-never-think-good-password-help
[4] http://loghomeinfo.wordpress.com/
[5] http://www.kabissa.org/user/1
[6] http://del.icio.us/tobiaseigen
[7] http://www.flickr.com/photos/tobiaseigen
Good reminder about passwords
Another thing to think about is having different passwords for each logon ID you have. Many people just use the same password for everything. So if their password is hacked, all of their accounts are compromised.
Yes but then remembering lots of passwords is challenging!
(how did you find us?)
Thanks for the comment regarding securing passwords. I think you're right about the risk of being hacked simply by using the same password for everything. Indeed if a password becomes compromised/shared then you want to minimize the risk of damage.
What I have done personally is developed a strategy for keeping "low security" and "high security" passwords. I change them all periodically, but the passwords to things that matter most (e.g. root access to the Kabissa server) are unique and changed on a regular schedule.
Put another way, I wouldn't use the same password for accessing my bank account that I use for accessing my email every day. But I might use the same password (or two similar passwords) for accessing my delicious [6] (social bookmarking) and flickr [7] (social photo sharing/management) accounts.
Cheers,
Tobias