Security Best Practices -- Jan 12 2008, 10:16 PM

Here are a few of the most important things you can do to keep your account, website and email snug and secure. There are of course hundreds of tips we could throw your way, but if you remember and live by these simple practices religiously, you can prevent/avoid the vast, vast majority of security vulnerabilities.

  1. Only use SFTP for file transfers
    If you transfer files to and from the server using an FTP program, make sure it is actually connecting to port 22 using SFTP (Secure File Transfer Protocol) rather than plain-old FTP, which connects to the server and transfers data (including your password) in the clear.

  2. Only use TLS/SSL email connections
    If you're using one of our webmail interfaces (SquirrelMail, Horde, RoundCube), your interactions with the server are encrypted by default, so don't worry. But if you are using an email program on your computer (Thunderbird, Outlook, Eudora, Entourage, etc.), you need to tell it to only use TLS or SSL connections for both SMTP (sending) and POP3 (receiving) email. Note that this will NOT encrypt email after it leaves our SMTP server en route to the recipient's server, and of course it will not protect incoming email before it reaches our servers. It will prevent snoopers from capturing your email password in transit, however, and that's a big deal.

  3. Use encrypted email when transferring sensitive information
    Don't email passwords unless you encrypt the email in a way that only the recipient can decrypt. This means public-key technology, as described and walked through in this knowledge base article. The best alternative? An old-fashioned telephone call.

  4. If you use a public or semi-public computer, LOG OUT
    Any time you use a computer that anyone other than you can access, you must log out from anything you log into. Do this even if the next person to sit down is just a family member; we're not only concerned about malicious hackers. Accidental destruction or manipulation of data can be every bit as dangerous as intended damage.

  5. Follow security hints on server-side software
    If you ever install a software package to your account, such as a blogging system or an e-store, be sure to take the security hints offered in the instructions. It is usually best to install the software manually (or have us do it for you), rather than use the Fantastico auto-installers or the Site Software installers offered by cPanel. But either way, you can tighten up security by changing file permissions and running security scripts as prompted in the instructions.

  6. Keep server software up to date
    Most server software (again, blogs, e-stores, etc.) has security vulnerabilities. Chances are, they'll be discovered when someone else using the software gets hacked. Chances are also good that, after such a hack, the software provider will offer an upgrade or a patch to close off the vulnerability. Installing these upgrades/patches as soon as possible will keep you one step ahead of most of the hackers out there.

  7. Use good password practices
    If no one can guess your password, and no password-cracking program could stumble on it, and you could still remember it, you'd be in great shape. Therefore:
    • Make your passwords impossible to guess. Your passwords should be a random mix of alphanumeric characters and symbols. Few people follow this, but it really is important. 7Gr%uQr4 is a fundamentally better password than ilovegramma or even 1ralph2. Trust us on that. Sure, it's harder to remember (at first), but that's why you should...
    • Store all your passwords in a secure program. We recommend using the free JPasswords program (it's Java, so it works on Windows, Mac or Linux!). That way, you just remember one global password, and all the rest are just a few clicks away.
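To put some numbers behind the claim above, here is a small strength estimator (added for this article, not a Webroot tool) that scores the three example passwords two ways: the naive length-times-alphabet estimate a pure brute-forcer faces, and an effective estimate that charges a dictionary word as a single guess from a word list. The word list is a constructed stand-in; it shows why ilovegramma scores almost as high as 7Gr%uQr4 naively but collapses once words are recognised.

```python
import math
import re
import string

# Character classes: once a password uses one character from a class, a
# guessing program must cover the whole class for every position.
CLASSES = {
    "lower": string.ascii_lowercase,
    "upper": string.ascii_uppercase,
    "digit": string.digits,
    "symbol": string.punctuation,
}

# Constructed stand-in for a cracker's word list (hypothetical and far too
# small for real use; real lists hold millions of entries).
WORD_LIST = {"love", "gramma", "grandma", "ralph", "password", "letmein"}


def pool_size(pw):
    """Size of the alphabet a brute-force guesser would have to try."""
    return sum(len(cs) for cs in CLASSES.values() if any(c in cs for c in pw))


def naive_entropy_bits(pw):
    """Length * log2(pool): what the password looks like to a pure brute-forcer."""
    size = pool_size(pw)
    return len(pw) * math.log2(size) if size else 0.0


def dictionary_hits(pw):
    """Word-list entries that appear inside the password (case-insensitive)."""
    low = pw.lower()
    return sorted(w for w in WORD_LIST if w in low)


def effective_entropy_bits(pw):
    """Naive estimate corrected for dictionary words: a whole word costs a
    guesser about log2(len(WORD_LIST)) bits, not one guess per character."""
    remaining, bits = pw, 0.0
    for word in sorted(WORD_LIST, key=len, reverse=True):
        if word in remaining.lower():
            bits += math.log2(len(WORD_LIST))
            remaining = re.sub(re.escape(word), "", remaining, count=1, flags=re.IGNORECASE)
    return bits + naive_entropy_bits(remaining)


if __name__ == "__main__":
    for pw in ("7Gr%uQr4", "ilovegramma", "1ralph2"):
        print(f"{pw:12} naive={naive_entropy_bits(pw):5.1f} bits "
              f"effective={effective_entropy_bits(pw):5.1f} bits "
              f"words={dictionary_hits(pw)}")
```

A real estimator would use a large word list and also penalise keyboard walks and year-like digit runs; the point here is only that character variety and the absence of recognisable words are what make 7Gr%uQr4 stronger.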
