Knowledgebase
Email Password Policy

In an effort to ensure the security of our customer email accounts, Webserver will adopt a new password policy on 28th March 2013. The purpose of this policy is to provide additional security to the email system, as well as help to ensure the continued enjoyment of our email service for our customers.

It is the policy of Webserver to regulate the length and difficulty of email account passwords to improve security. The use of your username as your password is no longer allowed. All passwords must contain a minimum of 10 characters. The following specifications must be met:

  • Passwords must contain a minimum of 10 characters
  • Require a number in the password
  • Require a capital letter in the password
  • Require a lower case letter in the password
  • Require password does not match username
  • Require a symbol in the password

Passwords are not advised to contain three or more consecutive letters used in your username. For example: If your username is "zerocool", your password shouldn't be "sChool2077" as it contains the letters "ool" from your username.

We encourage the use of symbol (!,@,#,$,%,^,&).

Do not shared the SAME PASSWORD among users.

You may use the Strong Password Generator to generate the new password.

Below are examples of “strong” and “weak” passwords:

Strong

Weak

aVmu67v1 

(contain number, capital & lower case letter as well as 8 characters)

test 

(too short & too common)

+6:@]f/C

(contain number, symbol, capital & lower case letter as well as 8 characters)

test1234 

(too common)

 

07152006 

(no capital & lower case letter)

 

webserver 

(no number or capital letter)

Question: I find this inconvenient, I don't want a complex password.

Answer: Unfortunately, hackers and spammers are a reality. And via automated bots they are constantly attempting to guess passwords for user accounts. Without password complexity requirements, many users unfortunately make common and poor choices for passwords, like "123456" or the slightly more complex "1234567". Even in recent years with most internet users knowledgable about hackers and malware, some users are still using the tried and true password of "password". As a result, these passwords are easily guessed by hackers, and then their mail accounts are used to send massive batches of spam.

When this occurs, the sending mail server will often get blacklisted on spam blacklisting services. This then impacts the ability of all email users on the same server to send mail. For shared hosting, this means a poor password choice by a single user can impact the email sending ability of hundreds of email users.

Unfortunately, we've continued to see this scenario occur. In the interest of ensuring mail services to all users are not impacted as a result of weak password choices from other users, we are increasing our email password complexity requirements on shared hosting servers. This mechanism is to protect our customers and to ensure the availability of mail services for all customers of our shared hosting services. Exceptions can not be granted on a domain or user level basis.