Managing Long Passwords

We are now using Long Passwords to improve security on your accounts.
These greatly improve system security by making it almost impossible for a
"hacker" to guess your password. The normal way this is done is by
exploiting a security hole which gives the hacker access to the encrypted
versions of your passwords. There are MANY programs out there that
specialize in trying millions of combinations in an attempt to match the
actual password. Passwords like "bear44" can be cracked in a matter of
seconds.

The following notes should help you in making a good password selection
AND also help you in remembering your passwords. They will also explain
"why can't I just use my old stuff and accept the risks!"

We would like to move to a "single password" system, but unfortunately
most of the FTP clients that are easily available do not support secure
connections. While we can easily enforce secure Control Panel logins,
that is not possible with FTP.
When using a short password (less than 6-8 characters), you are almost
forced to use something cryptic because no meaningful words can be used.
The best short passwords use a combination of upper/lower case and numbers
IN BETWEEN. "be44ar" is MUCH harder to crack than "bear44". The "hackers"
know people are likely to put numbers only at the beginning or end of a
password, and usually only one or two. They then guess letters for the
rest, and that greatly reduces the number of selections.

With Long Passwords (12 characters or greater) you can form phrases which
can be easier to remember and almost impossible to hack in less than years!
The use of both capital and lower case letters, including numbers, makes
the hacker's job more difficult, AND including those special characters in
positions other than the beginning or end makes it almost impossible. For
example: Mary4Joe&Cookie, Big8Bugs4You
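To put rough numbers on the comparison above, here is an added example (not part of the original notice). It models the shortcut described here, a lowercase word with one or two digits only at the beginning or only at the end, against a full brute force over every character pool the password uses. The guess rate of one billion guesses per second is a constructed assumption; real rates depend on how the passwords are stored and on the attacker's hardware.

```python
import re
import string

# Constructed assumption: an offline attacker trying one billion guesses per
# second against leaked password hashes.
GUESSES_PER_SECOND = 1_000_000_000
SECONDS_PER_YEAR = 365 * 24 * 3600

# The pattern the notice says attackers try first: a lowercase word with one
# or two digits only at the beginning or only at the end.
WORD_PLUS_DIGITS = re.compile(r"^(?:[a-z]+\d{1,2}|\d{1,2}[a-z]+)$")


def charset_size(password: str) -> int:
    """Size of the smallest standard character pool that covers the password."""
    size = 0
    if any(c.islower() for c in password):
        size += 26
    if any(c.isupper() for c in password):
        size += 26
    if any(c.isdigit() for c in password):
        size += 10
    if any(c in string.punctuation for c in password):
        size += len(string.punctuation)  # 32 printable ASCII symbols
    return size


def guess_space(password: str) -> int:
    """Candidates an attacker must cover before the password is certain to be found.

    A password that fits the word+digits pattern lives in a much smaller space
    (letters, 1-2 digits, two possible digit positions) than a brute force over
    every pool of characters it uses.
    """
    if WORD_PLUS_DIGITS.match(password):
        letters = sum(c.isalpha() for c in password)
        digits = sum(c.isdigit() for c in password)
        return 2 * (26 ** letters) * (10 ** digits)
    return charset_size(password) ** len(password)


def crack_time_seconds(password: str) -> float:
    """Worst-case time to exhaust the guess space at the assumed rate."""
    return guess_space(password) / GUESSES_PER_SECOND


def describe(password: str) -> str:
    """Human-readable worst-case cracking time for one password."""
    seconds = crack_time_seconds(password)
    if seconds < 60:
        return f"{password!r}: about {seconds:.2f} seconds"
    if seconds < SECONDS_PER_YEAR:
        return f"{password!r}: about {seconds / 3600:.1f} hours"
    return f"{password!r}: about {seconds / SECONDS_PER_YEAR:.3g} years"


if __name__ == "__main__":
    for pw in ["bear44", "be44ar", "Mary4Joe&Cookie", "Big8Bugs4You"]:
        print(describe(pw))
```

Under these assumptions "bear44" falls in under a tenth of a second, "be44ar" takes a few seconds because the digits in the middle force a search over the whole letters-plus-digits pool, and the two long examples run to many thousands of years or more. The absolute numbers are illustrative; the ratios between them are the point.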
You may have several different Long Passwords to manage, and the best
thing is to use minor variations on a theme for each different location
where a password is required:

Mary4Joe&Cookie, MARY4JoeNCookie, Mary4JoeNCream

Some people think that changing just one letter makes a password easier to
guess. Modern password generation ensures the encrypted password depends
on each and every character -- change just one and you get something
completely different.

It is still important to make a couple of things different. If the hacker
does get one of your passwords, you don't want a ONE letter variation to
get another. That too can be easy to determine.
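An added example, not from the original notice, that shows both points of this section: a salted password hash (PBKDF2-HMAC-SHA256 from Python's standard library, standing in for whatever the site's own system uses) changes in roughly half of its bits when a single character of the password changes, and a small edit-distance check flags a new password that is only a one-letter variation of one already in use. The salt and the passwords are constructed for the demonstration; a real system generates a random salt per account.

```python
import hashlib
from typing import Iterable

# Constructed, fixed salt so the demonstration is repeatable.
# Real systems draw a fresh random salt per account (e.g. secrets.token_bytes(16)).
DEMO_SALT = bytes.fromhex("4d617279344a6f6526436f6f6b696521")


def hash_password(password: str, salt: bytes, iterations: int = 100_000) -> bytes:
    """Salted, iterated password hash (PBKDF2-HMAC-SHA256, 32-byte digest)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)


def differing_bits(a: bytes, b: bytes) -> int:
    """Number of bit positions in which two equal-length digests differ."""
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b))


def levenshtein(a: str, b: str) -> int:
    """Minimum single-character edits (insert, delete, substitute) turning a into b."""
    previous = list(range(len(b) + 1))
    for i, ca in enumerate(a, start=1):
        current = [i]
        for j, cb in enumerate(b, start=1):
            current.append(min(
                previous[j] + 1,               # delete ca
                current[j - 1] + 1,            # insert cb
                previous[j - 1] + (ca != cb),  # substitute (free if equal)
            ))
        previous = current
    return previous[-1]


def too_similar(candidate: str, existing: Iterable[str], min_distance: int = 2) -> bool:
    """True if the candidate is within one edit of any password already in use."""
    return any(levenshtein(candidate, other) < min_distance for other in existing)


if __name__ == "__main__":
    original = "Mary4Joe&Cookie"
    one_off = "Mary4Joe&Cookiz"  # constructed: last letter changed
    d1 = hash_password(original, DEMO_SALT)
    d2 = hash_password(one_off, DEMO_SALT)
    print(f"bits that differ out of {len(d1) * 8}: {differing_bits(d1, d2)}")

    in_use = [original, "Mary4JoeNCream"]
    for candidate in ["Mary4JoeNCookie", "MARY4JoeNCookie"]:
        verdict = "REJECT (one-letter variation)" if too_similar(candidate, in_use) else "ok"
        print(f"{candidate!r}: {verdict}")
```

The stored hashes of the two passwords share nothing recognisable even though the passwords differ in one character, which is the "completely different" claim above. The similarity check is the other half of the advice: "Mary4JoeNCookie" is rejected because it is a single substitution away from "Mary4Joe&Cookie", while "MARY4JoeNCookie" passes because several characters differ.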
"Why can't I just use my old stuff and accept the risks!"
Many of you just don't want to deal with this and would like us to allow
you to use your simple passwords and accept the risks. We hope you will
realize that once a hacker gains access to YOUR account, he also has a
foothold in our systems. It becomes all the easier for the hacker to
monitor system activity and potentially use your account as a way of
reaching others...

ALSO, we are NOT perfect in security. A recent security exploit was caused
by an Administrator who thought they had applied a security patch (but had
missed a step!). So... your site won't be destroyed "just" because you had
a simple password, but also because of a slip on our part -- how would you
feel about that?

Security is a matter of "layers" and also "monitoring." The Company has
many years of experience and we are doing the best we can to provide you
with a secure and productive environment. Your suggestions are always
welcome!