Changing your email password is pretty simple. Just follow the step-by-step instructions with screenshots below to change your password.

1.  Sign-in to your web-based email at http://smartermail.scarabmedia.com using your email address and your old password.

2.  If this is the first time that you have logged in to your web-based mail you may be prompted for your Time Zone, Country, and Postal Code so that your mail is displayed in local time (otherwise skip to Step 4). Select your Time Zone and Country and enter your Postal Code and click on the [NEXT] button.

3.  You may then be prompted for an Account Recovery Email Address. This address is used in the event that you forget your password and want a Password Recovery email sent to your backup address. If you have a personal account (i.e. GMail, Yahoo!, Hotmail, etc) that you also use, enter it here and click on the [FINISH] button.

4.  At the main screen of your web-based mail, click on the SETTINGS (Gear) icon in the left-hand pane.

5.  Enter your new password into the “New Password” and “Confirm Password” fields. Click on the [SAVE] button at the top of the screen when you are done.

Please note the minimum requirements for a new password:

• 8 or more characters (12 or more recommended)
• Mixed-Case (UPPER and lower case letters)
• At least one number
• At least one symbol (i.e. ` ~ ! @ # $ % ^ & * ( ) – _ = + [ { } ] \ | < , . > / ? ; : ‘ “)
• Must not contain your User Name

6.  If you are using an email client (such as Outlook, Thunderbird, Apple Mail, or a tablet or smartphone) to retrieve your mail, you will have to update your email password there as well after changing it in your web-based mail.

Permalink.

Although it should be a matter of common sense, people tend to overlook best practices for the sake of convenience.

1. Create unique password every time. When you are changing a password for an existing account, it should never be the same as the previous password. Also, do not use incremental passwords when changing it. i.e password1, password2, password13, password14, etc. If ever an old password is leaked to the internet and your account would be compromised in a minimal number of tries. A new password should be distinctly unique, and strong (random, Mixed Case Letters, also containing numbers and symbols).

 


2. Change your passwords once every 6 – 12 months. Since passwords have a fixed length (commonly 8 -16 characters), a brute-force attack to guess the password will always succeed if enough time and processing power is available to the attacker. So, it is only a matter of time before your password is compromised, no matter how secure it may be. It is therefore always recommended to change the passwords frequently. Schedule an recurring appointment on your calendar to change your passwords once every 6 – 12 months.

 


3. Never keep the same password for different sites. It is very tempting to create one set of passwords for all your email accounts, another password for all the banking sites, another password for all the social networking sites, etc. It is very important to keep unique passwords for each and every one of your accounts. If you have trouble remembering more than one password (and who doesn’t) then by all means use a Password Manager to keep track of them for you.

 


4. Never send your password in an email.  It is a common Phishing scam for hackers to send emails as a support technician asking for your username and password through email. Legitimate website or organization will never ask you for your username and password. Likewise, email accounts can be forwarded or compromised, resulting in your password sent to a trusted person being compromised as well.

 


5. Change passwords immediately when they are compromised. If ever you have the slightest suspicion that your password has been compromised, change it immediately! Don’t waste a single minute thinking about it.

 


6. Don’t use the “Remember password” option on the browser without setting a Master Password first. It is a temptingly useful feature of modern web-browsers to offer to store your username and passwords. You certainly can take advantage of this feature but only if you have enabled the “Master Password” option. For example: If you do not set master password on the Firefox browser, anybody who uses your Firefox browser (or any malware or virus that affect your computer) can see (and use) all the passwords that you have previously stored. Also, be very careful with this option when using a computer that doesn’t belong to you and always choose “Not Now” in the remember password pop-up.

 


7. Don’t type your password on a computer that does not belong to you. If possible, don’t use someone else computer that you don’t trust implicitly to login to any website, especially to very sensitive websites such as financial institutions. It is a very common practice for hackers to use keyloggers that will log all the key strokes on a system, which will capture everything you type including the passwords. Even if you do trust the person, resist the urge to enter passwords to sensitive accounts as their device may be infected with malware or viruses that have installed a keylogger.This same rule applies when using a device connected to Wi-Fi that doesn’t belong to you. It is a trivial matter for a malicious person to monitor internet activity over Wi-Fi and capture your usernames and passwords. If you have to login to an account over Public Wi-Fi be sure that your connection is encrypted before doing so.

 


8. Never write down your passwords. Creating a very strong password and writing it down on a paper is almost as bad as creating an easy to remember weak password and not writing it down anywhere.  It is an all too common practice for people to write down their passwords and keep it somewhere next to the computer. You should never write down the password on a paper. Papers can be lost, they can be read by others (including visitors, on-site technicians, and even by hackers if you have a webcam). If you want to carry your password around with you all the times, consider using a password manager that runs from USB stick.

 


9. Don’t share with anyone. Although we are taught as children that sharing is good, sharing your passwords is bad. Passwords are like underwear, you really shouldn’t share them with anybody, under any circumstances. And by “anybody” this includes family members, spouses, and children. It’s not a matter of trust (or lack thereof) as much as it is a matter of safety and security.

 


10. Don’t type your password when someone is looking over your shoulder. This is especially very important if you type slowly and search for the letters in the keyboard and type with one finger, as it is very easy for someone looking over your shoulder to figure out the password. If you wouldn’t let someone look over your shoulder when entering your Credit Card PIN number into an ATM, why would you want someone looking over your shoulder when entering your password?

Permalink.

Rarely a day goes by when another high-profile provider is compromised due to weak or insecure passwords. To date over 1.2 Billion account passwords have been leaked to the internet for use by hackers and script-kiddies. The saddest thing is that the vast majority of these passwords consist of, or contain, the same 500 phrases. As such, our system blocks the use of any kind of variation of these passwords. New passwords must not contain or consist of a variation of the following 500 most commonly used passwords:

So, for example, using the password of “Pa$$w0rd”, “P@ssword”, or “p455word” would neither be advisable or allowed, as these are all a variation of the 101st most commonly used password. Likewise the password of “TimeLord” would not be advisable or allowed either as this contains the 495th most commonly used password “time”.

For a password to be truly effective it should neither contain a name or a word found in a dictionary (in any language). It should be a randomly chosen series of letters (of Mixed Case), numbers, and symbols. For help with choosing a secure password see https://news.scarabmedia.com/help-center/guide-to-creating-strong-passwords. It is important, both to protect yourself, as well as to protect the integrity of the Hosting Services you share, to use strong and secure passwords.

A series of more comprehensive lists of commonly used passwords can be found at https://github.com/danielmiessler/SecLists/tree/master/Passwords

Permalink.