ExchangeDefender Account Lockouts – ExchangeDefender Blog

February 14, 2018

ExchangeDefender Account Lockouts

Filed under: Hosted Services — vlad @ 11:00 am

We live in interesting times. With over 1.4 billion compromised accounts and users relying on the same password for every site, it’s nearly impossible to secure users that don’t want to set strong passwords. Nevertheless, that’s what you pay us for and we’re doing our best.

Until the new Service Manager is in and automatic service policies with full compliance are added in, we’ve been forced to institute lockouts on accounts that are being compromised or have suspicious activity. Unfortunately, when an attack on a mailbox is launched it doesn’t come from one IP address, it comes from hundreds, and blocking them is impossible.

But locking the account and making the client change the password to something that isn’t on the dark web.. that’s simpler. This is something that absolutely has to get done, if the account is used for spamming purposes it can blacklist that address, domain or worse.

sm_2

If your account gets locked out due to a security compromise, you can now unlock them and restore service automatically.

Just go to the Service Manager, find the user, reset the password and you should be all set.

P.S. In the event that you aren’t regularly changing your clients passwords, or you have ridiculously simple ones, we need to talk. Part of the issue is that your clients, regardless of size location or industry, are just SPAM zombies waiting to happen if you don’t set long and complex passwords that aren’t used anywhere else. If you don’t want to do that, we need to talk about two factor authentication. ExchangeDefender network has never been compromised – but individual accounts get popped all the time and it’s generally with a password that is well known and available in a simple Google search.