Thursday, July 12, 2012

Pobox Best Practices: Update your password.

There have been a lot of changes going on at Pobox in the last few months!  Some are apparent immediately, but others, you can't see. Today, one of those invisible changes is in place... but we need your help to see the benefit.

As times change, so do the best practices for common tasks like password management.  We've made a big update today, to bring our policies in line with those best practices.  We've updated our encryption algorithm to use bcrypt, and to extend the length of both they key and the unique salt we use to encrypt your passwords.  We've dramatically increased the maximum password length, up to 72 characters.  We've removed most of our restrictions on what special characters you can use.  We've also made it easier for us to switch to newer, stronger encryption methods as they become available.

To take advantage of all these new changes, you need to log into the website and update your password.  Even if you use the same password again, you'll get the benefit of our strengthened encryption standards.  But, to entice you to choose something longer and harder to guess, we've added a tool to the website to tell you, in time, how long it would take for a computer to guess your password. 

As you've probably noticed from previous blog posts, we think account security is incredibly important.  And because so many websites send your password reset requests to your email, the security of your email account is especially important.  Please take a few moments to update your password today.

Update: At the time this post was originally made, we believed we could support passwords up to 500 characters. This turned out to be inaccurate. The blog post has been updated to the correct limit of 72 characters. Please accept our apologies.

2 comments:

  1. Thanks for describing it, but how do I actually do the update?

    ReplyDelete
  2. Just go to https://www.pobox.com/login/mason/change-password/index.mhtml

    ReplyDelete