The Importance of Secure Passwords

Passwords ensure the security and confidentiality of data that is stored on various workstations and servers across campus. Some of this data includes student and employee names and addresses, grades, evaluations, timetables, payroll etc.

Secure is NOT your birth date or your spouse's birthday or name; secure is NOT your dog's name; secure is NOT your kid's name.

What makes a good password?

  • Create passwords that are at least 10 characters in length
  • Use a mixture of characters (most are case sensitive):
    • Upper case letters (A – Z)
    • Lower case letters (a – z)
    • One or more numbers
    • At least one or two special characters, such as a $ or * or !

What to avoid in creating a password

  • Names of any kind. These include your login name, your own or a family member’s name, a pet’s name, or any proper name.
  • Any kind of personal information, specifically your phone number, address, birthday, license plate number, or anything else someone could guess or look up about you. It also includes sensitive information such as your ATM PIN, or social security number or credit card number.
  • Words found in a dictionary, including foreign-language dictionaries. By all means, never, ever use the word password or Password.
  • Sequences or repeated characters. Avoid sequences or repeated characters such as 22222 or 12345 or abc123 or asdfg.
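
The rules above can be checked mechanically. The following Python sketch is an added example, not part of the original article: the function names, the tiny word list and the keyboard rows are constructed for illustration, and a real deployment would substitute a full dictionary and the user's actual account details.

```python
import re

# Constructed sample data (assumptions, not from the article): a tiny word
# list standing in for a real dictionary, and rows used to spot sequences.
COMMON_WORDS = {"password", "welcome", "dragon", "monkey", "summer"}
SEQUENCES = ["abcdefghijklmnopqrstuvwxyz", "0123456789",
             "qwertyuiop", "asdfghjkl", "zxcvbnm"]

def has_sequence(pw, run=3):
    """True if pw holds `run` consecutive characters of a known sequence
    (forwards or backwards) or one character repeated `run` times."""
    low = pw.lower()
    if re.search(r"(.)\1{%d}" % (run - 1), low):
        return True
    for seq in SEQUENCES:
        for s in (seq, seq[::-1]):
            for i in range(len(s) - run + 1):
                if s[i:i + run] in low:
                    return True
    return False

def check_password(pw, personal=()):
    """Return the list of rules pw breaks; an empty list means it passes.
    `personal` holds strings tied to the user (login, names, birthday)."""
    problems = []
    if len(pw) < 10:
        problems.append("shorter than 10 characters")
    classes = {"upper case letter": r"[A-Z]", "lower case letter": r"[a-z]",
               "number": r"[0-9]", "special character": r"[^A-Za-z0-9]"}
    for name, pattern in classes.items():
        if not re.search(pattern, pw):
            problems.append("no " + name)
    low = pw.lower()
    # Substring matching is deliberately strict: it flags a name or word
    # even when it is embedded in a longer string.
    if any(len(p) >= 3 and p.lower() in low for p in personal):
        problems.append("contains personal information")
    if any(w in low for w in COMMON_WORDS):
        problems.append("contains a dictionary word")
    if has_sequence(pw):
        problems.append("contains a sequence or repeated characters")
    return problems
```

Calling `check_password("Password12345!")` reports the dictionary word and the sequence even though the password satisfies the length and character-mix rules, which is why both lists above matter.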

Other good safety practices

  • Never write your password on a sticky note and put it on your monitor or under your keyboard.
  • Don’t ever share your password with anyone.
  • Don’t use the same password for all the sites you visit.
  • Change your password periodically. The more important the information you are protecting, the more frequently you should change the password.
  • Always change the default system password. Never leave it as the default.

Complexity is nice, but length is key. It used to be the case that picking an alphanumeric password that was 8-10 characters in length was a pretty good practice. These days, it’s increasingly affordable to build extremely powerful and fast password cracking tools that can try tens of millions of possible password combinations per second. Just remember that each character you add to a password or passphrase makes it an order of magnitude harder to attack via brute-force methods.

There are several online third-party services that can help users safeguard sensitive passwords, including LastPass, Dashlane, and 1Password, which store passwords in the cloud and secure them all with a master password. If entrusting all your passwords to the cloud gives you the creeps, consider using a local password storage program on your computer, such as RoboForm, Password Safe or KeePass. Take care to pick a strong master password, but one that you can remember; if you forget the master password, you are pretty much out of luck.

Remember, always put your safety first and your convenience second!
