Most of us have accounts at various domain registrars, maybe a couple of parking companies and at least one or two email addressees. With potentially 10 or more accounts, all with different user names, it can be much easier to access accounts by having the same password.
This is a HUGE no-no. If a thief is able to gain access to one of your registrar or parking accounts, he will be able to see what email address is on file for that particular account. Should you use the same password for your email account, he will then be able to break into your email archive. This will allow him to not only change things with whatever account he broke into to get access to your email, but he can also search through your email and see where else you have accounts.
I know that most people use various passwords for different user accounts, and that is smart. I also know than many people are lazy and prefer to use the same password for multiple accounts. Not a good idea.
In fact, someone mentioned this on Namepros the other day, and a three letter .com domain name was stolen from his account. Thieves can be very tricky, and if you have one account compromised, you should ensure that it’s not simple for him to gain access to your other accounts.
never use birthdays or god or your name in a PW
always use at least 1 or more upper case letters
passwords 101
LOL
good tip
@ Lords
Yep… good tips.
Also never use common words, and try to use punctuation mixed in with letters and numbers.
I strongly feel the systems that hold your information should do a better job of making you use a stronger password. Which I have seen sites start to do this such as Godaddy. They require at least one letter, one number and one capital letter and minimum of I believe 6-8 characters.
Use a tool like LastPass, KeePass or 1Password to generate and store really secure passwords.
I like it when I sign into a secured location and it
displays the last time the acct. was entered and
from what ip.
I wish more secured sites would do that.
What Tobias suggests is really good.
Email accounts getting hacked is a daily routine now. The ammount of zero day exploits is staggering. Stolen credit cards are being sold in stacks and discounts are given when you buy more then 20 including with 3d codes.
Domain names are worth cash as we know and this will only get worse (accounts being hacked).
@Meyer All the system has to do when you login is simply track the date, the user id and ip address. Then run a query that orders by latest date starting after the first record. If no results found its your first time logging in, otherwise display date and ip. It doesnt really add any security except to confirm your ip but if your using a regular ISP then you normally dont have a static ip and could change.