{"id":1179,"date":"2018-02-14T11:00:31","date_gmt":"2018-02-14T16:00:31","guid":{"rendered":"http:\/\/www.exchangedefender.com\/blog\/?p=1179"},"modified":"2018-02-14T14:04:23","modified_gmt":"2018-02-14T19:04:23","slug":"exchangedefender-account-lockouts","status":"publish","type":"post","link":"https:\/\/www.exchangedefender.com\/blog\/2018\/02\/exchangedefender-account-lockouts\/","title":{"rendered":"ExchangeDefender Account Lockouts"},"content":{"rendered":"

<\/p>\n

We live in interesting times. With over 1.4 billion compromised accounts and users relying on the same password for every site, it\u2019s nearly impossible to secure users that don\u2019t want to set strong passwords. Nevertheless, that\u2019s what you pay us for and we\u2019re doing our best.<\/p>\n

Until the new Service Manager is in and automatic service policies with full compliance are added in, we\u2019ve been forced to institute lockouts on accounts that are being compromised or have suspicious activity. Unfortunately, when an attack on a mailbox is launched it doesn\u2019t come from one IP address, it comes from hundreds, and blocking them is impossible.<\/p>\n

But locking the account and making the client change the password to something that isn\u2019t on the dark web.. that\u2019s simpler. This is something that absolutely has to get done, if the account is used for spamming purposes it can blacklist that address, domain or worse.<\/p>\n

\"sm_2\"<\/a><\/p>\n

If your account gets locked out due to a security compromise, you can now unlock them and restore service automatically. <\/p>\n

Just go to the Service Manager, find the user, reset the password and you should be all set. <\/p>\n

P.S. In the event that you aren\u2019t regularly changing your clients passwords, or you have ridiculously simple ones, we need to talk<\/strong>. Part of the issue is that your clients, regardless of size location or industry, are just SPAM zombies waiting to happen if you don\u2019t set long and complex passwords that aren\u2019t used anywhere else. If you don\u2019t want to do that, we need to talk about two factor authentication. ExchangeDefender network has never been compromised \u2013 but individual accounts get popped all the time and it\u2019s generally with a password that is well known and available in a simple Google search.<\/p>\n","protected":false},"excerpt":{"rendered":"

[…]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[8],"tags":[],"class_list":["post-1179","post","type-post","status-publish","format-standard","hentry","category-hosted-services"],"_links":{"self":[{"href":"https:\/\/www.exchangedefender.com\/blog\/wp-json\/wp\/v2\/posts\/1179","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.exchangedefender.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.exchangedefender.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.exchangedefender.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.exchangedefender.com\/blog\/wp-json\/wp\/v2\/comments?post=1179"}],"version-history":[{"count":2,"href":"https:\/\/www.exchangedefender.com\/blog\/wp-json\/wp\/v2\/posts\/1179\/revisions"}],"predecessor-version":[{"id":1181,"href":"https:\/\/www.exchangedefender.com\/blog\/wp-json\/wp\/v2\/posts\/1179\/revisions\/1181"}],"wp:attachment":[{"href":"https:\/\/www.exchangedefender.com\/blog\/wp-json\/wp\/v2\/media?parent=1179"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.exchangedefender.com\/blog\/wp-json\/wp\/v2\/categories?post=1179"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.exchangedefender.com\/blog\/wp-json\/wp\/v2\/tags?post=1179"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}