IT Security


 Passwords

Lock the door on computer snoops

Just as you lock your house and car, you need to secure your computer and online accounts. Think of your password as your key to the lock. You wouldn't want to give it to just anyone, would you?

Here are some tips regarding passwords that will help you secure your resources against intruders:

 

1. Don't use personal information as your password.

    Pets' names, favorite sports teams, birthdates, social security numbers - all of these are bad choices for a password, because they are some of the first things an intruder will try.

 

2. Never write down your password.

    This is the best policy, but if you have several passwords and absolutely must write them down, don't leave them anywhere near your computer. Passwords on sticky notes left on monitors, inside desk drawers or under pen/pencil trays are an open invitation to intruders.

An alternative to writing down your password is the use of a "password safe" program, such as the free utility Password Safe. This program stores all of your passwords in an encrypted form, making them visible only when the proper master password is entered. This means you only have to memorize one password.

 

3. Use "strong" passwords.

    Which of the following two passwords do you think is stronger: "G00d4B!#j6" or "My favorite pet is my turtle."? Which do you think is easier to remember and type?

    When choosing a password, we have all heard that the more complex, the better. However, given the increasing power of computers, brute force attacks are changing this to "longer is better." In a brute force attack, one or more computers guess each possible password combination in turn. Given enough time, the attack will eventually find the correct password and gain access.

    The answer to this is really pretty simple: passphrases. A passphrase is simply a sentence or pseudosentence. In the example above, the first password would take anywhere from seconds to a few hours to guess, using just one computer. The second password, the passphrase, would take trillions of years, even assuming that 100 computers were attempting to guess it. The key here is the length of the passphrase.

    Due to the way the Windows operating system handles passwords for legacy reasons, it is best to use a password that is at least 15 characters in length. Anything shorter is, at best, effectively only 7 characters long. So by moving from 14 characters to just 15, you increase the strength of your password by more than a thousand times.

    Going back to our sample passwords, I know which one I would rather use. Most systems in use today support these longer passwords, so the next time you're changing yours, why not try out a passphrase?

    One final note: keep in mind that certain systems, such as the University's Banner system, may not accept passwords that begin with a number, special character or space. In those cases, ensure that you use a password that begins with a letter.
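
The arithmetic behind tip 3, as an added example that is not part of the original page: it estimates worst-case brute force time for the two sample passwords. Assumptions: the "legacy reasons" are Windows' LAN Manager (LM) hash, which upper-cases letters and hashes passwords of up to 14 characters as two separate 7-character halves; the attacker tries all 95 printable ASCII characters at a constructed rate of one billion guesses per second per machine; only exhaustive search is modelled, not dictionary guessing.

```python
FULL_ALPHABET = 95                # printable ASCII, space included
LM_ALPHABET = FULL_ALPHABET - 26  # LM upper-cases letters, so lowercase adds nothing
LM_MAX_LEN = 14                   # passwords longer than this get no LM hash
SECONDS_PER_YEAR = 365 * 24 * 3600


def search_space(password, lm_stored=True):
    """Upper bound on guesses needed to exhaust passwords of this length."""
    n = len(password)
    if lm_stored and n <= LM_MAX_LEN:
        # Each 7-character half is hashed separately, so the halves are
        # attacked independently and their costs add instead of multiplying.
        halves = (min(n, 7), max(n - 7, 0))
        return sum(LM_ALPHABET ** h for h in halves if h)
    return FULL_ALPHABET ** n


def seconds_to_exhaust(password, guesses_per_second=1e9, machines=1,
                       lm_stored=True):
    """Worst-case time to try every candidate at the assumed guess rate."""
    return search_space(password, lm_stored) / (guesses_per_second * machines)


def describe(seconds):
    """Render a duration in the largest unit that fits."""
    for unit, size in (("years", SECONDS_PER_YEAR), ("hours", 3600),
                       ("seconds", 1)):
        if seconds >= size:
            return f"{seconds / size:.3g} {unit}"
    return "under a second"


if __name__ == "__main__":
    # The two sample passwords from tip 3.
    short = "G00d4B!#j6"
    phrase = "My favorite pet is my turtle."
    print(len(short), "chars:", describe(seconds_to_exhaust(short)))
    print(len(phrase), "chars, 100 machines:",
          describe(seconds_to_exhaust(phrase, machines=100)))
    # The jump from 14 to 15 characters under this model.
    gain = search_space("a" * 15) // search_space("a" * 14)
    print(f"14 -> 15 characters multiplies the work by about {gain:.3g}")
```

Calling the functions with lm_stored=False shows the same 10-character password on a system that does not keep the legacy hash.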


 4. Be wary of using autofill and autologin features.

    It is easy to use these features to speed up the login process. However, they make it just as easy for someone who sits down at your unsecured computer to log in to your accounts. Plus, if you fall into the habit of not typing in your password, it becomes that much harder to remember it!