Login Log shows attempted access
I was looking at my Logon Log and saw that on Wed 21 between 7AM and 2:30PM there were 97 failed IMAP login attempts from IP's that were from all over the world, all single attempts. I created a FM ticket asking them if this kind of probing is a common experience with FM user accounts. Their response was "yes".
For added safety I've since changed my account password, app password, and recovery code. But I was wondering what the opinions of anyone here are on this? Have you also seen this kind of behavior with FM? |
These issues with criminals trying to log into accounts have nothing specifically to do with Fastmail. This affects all accounts which have internet access (such as bank accounts). I have seen these attempts at breaking into my Fastmail accounts in the past, but currently don't see any such attacks in the last couple of weeks. These attacks are random and may start and stop unpredictably.
Because of these issues, it's important that you use a long complex password for each account (including your Fastmail account) which is not used at any other account. You can also use two factor authentication to improve your security. Even if someone was somehow able to guess or steal your password, they still can't access your account, since they don't have the other factor. I find the easiest and most flexible method is to use a TOTP authentication tool. You can allow devices you have physical control over to be "trusted devices" so you don't have to use the two factor authentication every time you log in. For more information on two factor authentication, see: https://www.fastmail.com/help/account/2fa.html Bill |
Quote:
Thanks. Quote:
Quote:
|
Quote:
|
Quote:
https://en.wikipedia.org/wiki/Passwo...mon_guidelines I would suggest a 6 character minimum length if you use random letters and numbers, or 12 characters in other cases. But it depends on how you create your password. For example, passwords such as "pass12345" are easy to guess. If you use two-factor authentication you are much more secure. Someone would need to both hack your password and get access to your mobile device containing the authentication generator. Bill |
Thank you. That's a really interesting article. I've not come across the term 'information entropy' before, but it is a useful concept.
|
All times are GMT +9. The time now is 03:08 AM. |
Copyright EmailDiscussions.com 1998-2022. All Rights Reserved. Privacy Policy