Why Passwords May Not Keep Your Email Safe

We live in an era where the amount of valuable data businesses must store is increasing at an unprecedented pace. Consequently, the number of “bad guys” trying to gain access to that data is also increasing, and hackers have some pretty sophisticated tools at their disposal to try to force their way into your data. They use a variety of tactics, including social engineering, brute force attacks and dictionary attacks, among others.

The problem is made worse by the prevalence of weak passwords. Did you know that, even in 2016, one of the most common passwords is 12345678? In an experiment conducted in 2013, with the help of a list of hashed passwords obtained online, hackers were able to crack about 90% of a list of over 16,000 passwords.

Passwords are not just vulnerable to external threats. They must be protected from internal threats as well. Have you ever written down a password on a piece of paper, and then thrown it in the garbage? Have you ever discarded an old hard drive without destroying it? If this information gets in the wrong hands, it can lead to severe financial loss for a company, and damage to its reputation.

Passwords and usernames belong to one of three types of identification data:

  1. Something you know
  2. Something you own
  3. Something you are or do (such as a fingerprint or other biometric element)

Passwords and usernames fall within the category of “something you know.” The three items listed above are considered factors of authentication, so when only one type of data is used to log into a system (such as a username and password), you are using a single factor of authentication.

Passwords alone are often not enough to protect your data against increasingly sophisticated attacks. Requiring a second factor of authentication can drastically reduce data theft.

Two-factor authentication is not a new concept. In fact, most of us already use it in other ways besides accessing our email. Here are some examples of two-factor authentication that many of us already use daily:

  • An ATM card (something you own) and a PIN (something you know)
  • A credit card (something you own) and a zip code (something you know)
  • A phone (something you own) and a fingerprint (something you are)

In MDaemon 16, we added two-factor authentication for WorldClient, MDaemon’s webmail client. With two-factor authentication, users must provide two forms of authentication – a password and a unique verification code that is obtained via any client that supports Google Authenticator (available in the Google Play store).

Two-factor authentication has many benefits:

  • It provides an extra layer of defense when a password isn’t strong enough.
  • It reduces online identity theft, phishing, and other techniques because a victim’s password isn’t enough to gain access to his or her data.
  • It helps companies in finance, health care, and other industries comply with PCI, HIPAA and other regulations.
  • It makes working remotely safer.

In this video, we demonstrate how to enable and use two-factor authentication in MDaemon and WorldClient.

If you’re concerned about privacy and security, two-factor authentication provides extra protection for your data. Upgrade to MDaemon 16 to take advantage of this extra security, or click here to download your free trial!


MDaemon 16 = 2016

We’re only 3 months into 2016 and we’ve already launched MDaemon 16!

Coincidence? Not really. However, it’s nice to see that major version releases of MDaemon now correlate to the year of the release.

Of course, we will continue to add additional features and minor releases throughout the year. For some, this alignment may not seem like a big deal. But for others, it will help them easily identify when they are on older versions and investigate what new features they could be using.

Like many companies, we communicate each time a new version is released to share what new features and fixes customers can expect. We even have a web page dedicated to MDaemon features by version to highlight the changes within each release. Yet I’m consistently amazed to hear customers who are on older versions of the Windows-based email software say, “I didn’t know you had that feature!”

To help, we’re going to take more time to share use cases and highlight many of the more popular features of MDaemon, and more importantly WHY you should care. After all, we add these features because our customers request them. Just have a look at Alt-N’s Idea Engine and you can get a sense of just how many requests get submitted and voted upon.

For now, I’ve summarized some key features in MDaemon 16 below. And as always, more technical detail can be found in the release notes on the MDaemon download page.

Throughout the year you can expect more information and detail coming from me and the team to help you understand the value of the features and why they are important.

So, please stay tuned!

MDaemon 16 New Features for End Users

Contact Synchronization using CardDAV

Building off the previous addition of CalDAV for calendar synchronization, users can now synchronize their contacts with their favorite mobile device or other mail client using the CardDAV protocol. Notable CardDAV clients are Apple Address Book (included with Mac OS X), Apple iOS (iPhone), and Mozilla Thunderbird via the SOGO plugin.

Improved WorldClient Web-based Email Security

WorldClient has added Two Factor Authentication (TFA) to make users more secure when strong passwords may not have been implemented. WorldClient users who enable Two Factor Authentication will be required to enter a verification code before they can have a logged in session. This feature can be used with any client that supports Google Authenticator (available in the Google Play store).

MDaemon 16 New Features for Administrators

Flexible Email Account Migration Tool

A new migration app is available along with MDaemon’s original MDMigrator, which allows administrators to migrate data from Microsoft Exchange Server. The new ActiveSync Migration Client for MDaemon provides improved migration support for administrators by easily migrating email, calendars, tasks, notes, and contacts from any mail server that supports ActiveSync protocol version 14.1.

Spambot Detection

MDaemon’s new Spambot Detection feature tracks the originating IP addresses that every return-path value (sender) uses over a period of time. If the same return-path is used by multiple IP addresses (more than can normally be expected) within a given period of time, this typically indicates that a spambot network is being used. When a spambot is detected, the connection is dropped and the sending address can optionally be blacklisted for a designated period of time.
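The detection rule described above, as an added example run over a constructed log (not MDaemon's code). The thresholds, window length, and class and function names are assumptions chosen for illustration.

```python
from collections import defaultdict, deque

class SpambotDetector:
    def __init__(self, max_ips=3, window=600, blacklist_secs=3600):
        self.max_ips = max_ips                # distinct IPs tolerated per return-path
        self.window = window                  # sliding window, in seconds
        self.blacklist_secs = blacklist_secs  # 0 disables the optional blacklisting
        self.seen = defaultdict(deque)        # return-path -> deque of (ts, ip)
        self.blacklist = {}                   # return-path -> expiry timestamp

    def check(self, ts, ip, return_path):
        """Return 'accept', 'drop' (threshold exceeded) or 'blacklisted'."""
        sender = return_path.strip("<>").lower()
        if not sender:                        # null return-path (bounces): not tracked
            return "accept"
        if self.blacklist.get(sender, 0) > ts:
            return "blacklisted"
        events = self.seen[sender]
        events.append((ts, ip))
        while events and events[0][0] <= ts - self.window:
            events.popleft()                  # forget sightings outside the window
        if len({addr for _, addr in events}) > self.max_ips:
            if self.blacklist_secs:
                self.blacklist[sender] = ts + self.blacklist_secs
            return "drop"
        return "accept"

def replay(log, **settings):
    """Feed (timestamp, client IP, return-path) tuples to a fresh detector."""
    detector = SpambotDetector(**settings)
    return [detector.check(*entry) for entry in log]

# Constructed SMTP session log using documentation-only addresses.
CONSTRUCTED_LOG = [
    (0,    "192.0.2.10",    "<news@example.com>"),
    (30,   "192.0.2.10",    "<news@example.com>"),
    (60,   "198.51.100.7",  "<promo@example.net>"),
    (90,   "203.0.113.21",  "<promo@example.net>"),
    (120,  "203.0.113.54",  "<promo@example.net>"),
    (150,  "198.51.100.99", "<promo@example.net>"),  # 4th distinct IP in window
    (180,  "198.51.100.7",  "<promo@example.net>"),  # still blacklisted
    (200,  "192.0.2.10",    "<news@example.com>"),   # single-IP sender unaffected
    (4000, "198.51.100.7",  "<promo@example.net>"),  # blacklist period has expired
]

if __name__ == "__main__":
    for entry, verdict in zip(CONSTRUCTED_LOG, replay(CONSTRUCTED_LOG)):
        print(entry, "->", verdict)
```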

Remote Administration on Mobile Devices

MDaemon’s browser-based Remote Administration application has been updated with a more dynamic design that automatically adjusts information based on the size of the screen used – whether the user is on a phone, tablet, or PC.

Improved API for Complementary Applications

MDaemon now includes an XML API which allows third-party developers to integrate complementary applications (such as CPanel, etc.) with MDaemon. The API allows for the retrieval of information from MDaemon, including lists, accounts, domains, and more, and also provides the ability to make configuration change
