Brinkster Knowledge Base

Email Account Security Articles

Email Password Security:

We strongly recommend adopting a minimum password complexity policy to help prevent unwanted access to your email account. Nothing compromises an email account faster than choosing a password of "password" or a password that matches your email account name (e.g. stevensmith@domain.com with a password of stevensmith).

Email Account Passwords:

- Your organization will want to consider a minimum password complexity policy.
        + In general, passwords should be difficult to guess, and easy to remember.
        + The most secure passwords usually contain letters, numbers, and symbols with both upper and lower case. 
        + An easy way to choose a password is to use a mnemonic device or acronym such as i<38$crM (I love ice cream). 
                Pick a sentence or saying that is easy for you to remember but hard for someone to guess.

- DON'T use personal information in your password.
        + An email address of stevensmith@domain.com with the password of "stevensmith" is NOT secure
                Consider a password as suggested above,
                such as $t3ve!S@wsm (Steve is awesome)
        + Your birthday, address, and name, or any combination of these, should NOT be part of your password
        + Personal information is easily tracked and found on popular networking sites
                such as Facebook, MySpace, YouTube, Twitter, LinkedIn, etc.

- Your organization will also want to consider a password storage policy
        + Many organizations restrict storage of company-related passwords
                * storing passwords unencrypted can result in security events, loss of data, and leaked secure information
        + If your organization allows for storage of passwords, you should consider an encrypted storage method
                * such as KeePass - http://keepass.info/
                * or others - LifeHacker.com Article
                * Brinkster is not directly affiliated with any password storage software or support for them
        + Your organization's industry regulations *may* also dictate password / storage policies
                * you will want to confirm you are not violating any of these policies
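
An added example (not Brinkster code) of how the password rules above could be enforced when an account password is set. The 8-character minimum, the short common-password list and the `personal_tokens` parameter are assumptions made for this sketch.

```python
import string

# Constructed sample of commonly guessed passwords; a real deployment would
# load a much larger breached-password list.
COMMON_PASSWORDS = {"password", "123456", "qwerty", "letmein", "welcome"}

MIN_LENGTH = 8  # assumed minimum; the article does not state a length


def check_password(password, email, personal_tokens=()):
    """Return a list of policy violations; an empty list means acceptable."""
    problems = []
    lowered = password.lower()
    local_part = email.split("@", 1)[0].lower()

    if len(password) < MIN_LENGTH:
        problems.append("too_short")
    if lowered in COMMON_PASSWORDS:
        problems.append("common_password")
    # Account name used as (or inside) the password, e.g. stevensmith.
    if local_part and local_part in lowered:
        problems.append("contains_account_name")
    # Birthday, address or name fragments supplied by the caller (hypothetical input).
    for token in personal_tokens:
        if len(token) >= 3 and token.lower() in lowered:
            problems.append("contains_personal_info")
            break

    # Letters in both cases, numbers, and symbols.
    classes = {
        "lowercase": any(c.islower() for c in password),
        "uppercase": any(c.isupper() for c in password),
        "digit": any(c.isdigit() for c in password),
        "symbol": any(c in string.punctuation for c in password),
    }
    problems.extend(f"missing_{name}" for name, ok in classes.items() if not ok)
    return problems


if __name__ == "__main__":
    account = "stevensmith@domain.com"
    for candidate in ("password", "stevensmith", "$t3ve!S@wsm", "i<38$crM"):
        print(candidate, check_password(candidate, account))
```
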


Mobile Device Security:

- Mobile Device pin / password
        + Your organization will want to consider a mobile device pin or password policy.
                * Consider the case of a lost or stolen phone or tablet computer.
                * No amount of email encryption will protect a mobile device from being physically stolen and/or viewed in person
        + Add this base level of security to mobile devices to help prevent most information leaks due to physical device loss

- Failed pin lockout / device wipe policy
        + If you already have a device pin policy, your organization may want to consider a pin lockout policy.
        + Lock out the device for a predetermined period of time, or wipe supported mobile devices,
                such as iPhones, Android phones, and Windows Mobile devices.
        + Learn how to remotely wipe lost and stolen mobile devices with a Business Professional Mailbox.

- Some organizations also require mobile device encryption - consult with your organization's policy makers about this.
        + For example: laptops, mobile phones, and tablet computers.