Username and Password Security Guide

Select your provider?
Our website now provides help and support to customers of Plusnet, Force9 and Free-Online. Please select your provider using the drop-down menu and you will be provided with the technical support details that are appropriate to you.

Select your provider: Plusnet Force9 Free-Online

Username Security

1. About username security

A username is a way to instantly introduce yourself to a computer, program or service. Your password then backs up this information by confirming that you really are who you say you are. Your PlusNet username may vary, depending on whether you are using broadband or dial-up to connect to the Internet.

E.g. A broadband username looks like: username@plusdsl.net and a dial-up username looks like: username

(Note: This may be different - check your username settings).

Username security is often wrongly overlooked when thinking about staying secure when you're online, with more importance given to passwords.

Your password must have a valid username linked to it, otherwise it won't allow access to your computer, application or service. Because of this you shouldn't let your computer automatically remember your username and password for you. Try and get into the habit of either entering your login details each time you connect, or at least just your password.

[Top]

2. Ways you can find out your password and broadband username

Your password: If you've forgotten your password, use our Password Recovery Form.

Your broadband username:

Don't worry if you've forgotten your broadband username. You can either:

Check in the Member Centre

1. Log into the Member Centre.
2. Under My Account click on Connection Settings.
3. Click on Connection Details.
4. Find the Login name row in the table (3rd row down) – this is your broadband connection username, e.g. username@plusdsl.net.

Please note: Your broadband username is different to your account username. It is not possible to change an account's username once the account has been created. In order to change your username you must cancel your account and create a new account with your preferred username.

Check your modem/router

Look in your modem/router's connection settings. When you set up your broadband connection these details will have been automatically stored, although for security reasons your password will be disguised (e.g. ********).

[Top]

Password Security

1. About password security

Nowadays there is a real and growing threat of data thieves, hackers and other criminals taking advantage of people who aren't security conscious.

The passwords you already use, (not just those for your PlusNet services), offer a good first line of defense against intruders on your computer, for very little time and effort. However, your computer is only really as secure as your username and password. So, everyone can take steps to improve their password security, just by following a few common sense tips.

Simply by doing some or all of the things we suggest in this guide you'll instantly increase your computer's protection, as well as protecting your own personal information.

Note: For added security PlusNet use several methods of encryption on all customer passwords. This uses complex algorithims to scramble and de-scramble your passwords, making these extremely hard to be read by data thieves or hackers.

[Top]

2.Choosing a secure password

The best kinds of passwords are those which can't be easily guessed by intruders. The trick is to try to create a password which you find easy enough to emember, but random enough to make a difficult barrier to get past. Here's some help:

1. Your password should be - between 8 and 16 characters in length and ideally include at least one number.
2. Don't create an obvious password - but make it easy to pronounce (this way you'll remember it more easily). This will help reduce the threat of your password being found by 'dictionary' based tools which some attackers use.
3. Characters which can be used
   1. Upper case and lower case letters (a-z and A-Z)
   2. Numbers (0-9)
   3. Special characters (!##%&()*+,-./:;<=>?@[]^{|}~. )
4. Characters which can't be used
   1. Single quote - ‘
   2. Double quote - “
   3. Backslash - \
   4. Pound sign - £
   5. Space
5. Passwords can begin and end with a letter, number or a special character
6. Create a passphrase - why not take the first letter of each word from a line in your favourite song, or book and put them together to make a word?.
7. Most importantly - always use different passwords for different programs and services. This reduces the threat of anyone using the same password to log into all of your services/accounts.

[Top]

3. Password security dos and don'ts

	Use a password if you share a computer with other users. If you don't you are risking other people having access to your personal information, deleting files or even using your account to pretend to be you online.
	Have different passwords for different things - don't use the same password for every application or service.
	Write your password down - if you can try and memorise it. If you can't remember your password and do have to write it down, try and disguise it, leaving it in a secure place.
	Don't choose an obvious password - e.g. your name, or a family member's or pet's name, your date of birth, telephone number, the current month or 'password'. It's very easy for someone to guess all of these.
	Keep the same passwords - change them every once in a while and don't re-use a password for at least a year. Change passwords at work - every 2 months. Change passwords at home - every 6 months

[Top]

Changing Your PlusNet Passwords

1. Where to change your passwords

Service	When is the password set?	How do I change the password?
Broadband access Dialup access Broadband phone Usenet Default mailbox Portal login Homepages login Homepages Webstats	During signup. You enter a password of your choice	Change your account password using the Change Password tool.
Additional mailboxes	When mailboxes are setup	At the Member Centre in the Email Settings section under Manage My Mail
CCGI	Uses your current password when CCGI is activated	To change your password, log into cshell.plus.net using either telnet or ssh and run the passwd command. Note: If you need to change your CCGI password, you will only be allowed to use a very strong password when running the passwd command. (e.g. At least 6 characters and the more characters, the stronger the password)
MySQL	A random password is generated	Raise a Question through the Help Assistant requesting a MySQL password reset. This will generate you a new password which will be emailed to you.
Webstats (CCGI)	Uses current password when component is activated	Raise a Question through the Help Assistant, we will reset your webstats password to match your main account password.

Changing Your Password Settings

1. Configuring password policies in Windows

Changing your computer's password settings means that a particular password can't just be re-used over and over again.

Important: We suggest you only configure your Windows password policies if you are an experienced user, confident with changing system settings. If you are unsure, don't make any changes.

In Windows XP:

1. Click Start.
2. Click Control Panel.
3. Click Performance and Maintenance.
4. Click Administrative Tools.
5. Click Local Security Policy.
6. Click the plus-sign (+) in the left pane to open Account Policies.
7. Click Password Policy.

[Top]

2. Enforce password history

This lets you set the number of days that Windows will remember passwords before they expire.

1. Double-click Enforce password history.
2. On the screen that appears choose any number between 0 to 24 from the drop-down. This is the amount of passwords that Windows will remember. Setting this at 0 means that no passwords are saved.
3. Double-click on Maximum password age.
4. On the screen that appears choose any number between 0 to 42 days from the drop-down list. Setting this at 0 means that passwords will never expire. (We suggest that you set this to 30 days or less - so that passwords are changed on a monthly basis).

[Top]

3. Minimum password age

This lets you set the number of days which must pass before a password can be changed again.

1. Double-click Minimum password age.
2. On the screen that appears choose any number between 0 to 998 days from the drop-down list. (We suggest that you set this to at least 3 days if you've set the Maximum Password Age (above). The Minimum Password Age can't be higher than the Maximum Password Age. If the Maximum Password Age is set to 0 the Minimum Password Age can be set from anything from 0 to 998 days.

[Top]

4. Minimum password length

This lets you set the minimum number of characters that a password can contain.

1. Double-click Minimum password length.
2. On the screen that appears choose any number from 0 to 14 in the drop-down list.

[Top]

5. Password must meet complexity requirements

This lets you set the password length and type of characters that a password can be made up of.

1. Double-click on Password must meet complexity requirements.
2. On the screen that appears choose Enable.
3. You will then be given a number of password rules:

• Password must not contain significant portions of the user's account name or full name.
• Password must be at least 5 characters in length. (We suggest setting this to at least 8 characters to make passwords secure).

[Top]

6. Store password using reverse encryption

This lets you keep a check on all the passwords used on a computer.

1. Double-click on Store password using reverse encryption for all users in the domain policy.
2. On the screen that appears choose Enabled.

Important: Password storing makes your password security less secure. Enabling this is basically like writing every password used on a computer in a text file, meaning these can be checked very easily. You should ONLY turn this on unless you really need to log all the passwords used on a computer.

[Top]

This page last updated 16th October 2009