Just as you
lock your house and car, you need to secure your computer
and online accounts. Think of your password as your key to
the lock. You wouldn't want to give it to just anyone, would
you?
Here are some tips regarding passwords that will help you
secure your resources against intruders:
1. Don't use personal information as your password.
Pets' names, favorite sports teams, birthdates, social security
numbers - all of these are bad ideas for use as a password,
because they are some of the first things an intruder will
try.
2. Never write down your password.
This is the best policy, but if you have several passwords
and absolutely must write them down, don't leave them anywhere
near your computer. Passwords on sticky notes left on monitors,
inside desk drawers or under pen/pencil trays are an open
invitation to intruders.
An alternative to writing down your password is the use of
a "password safe" program, such as the free utility
Password Safe.
This program stores all of your passwords in an encrypted
form, making them visible only when the proper master password
is entered. This means you only have to memorize one password.
3. Use "strong" passwords.
Which of the following two passwords do you think is stronger
- G00d4B!#j6 or "My favorite pet is my turtle."
Which do you think is easier to remember and type?
When choosing a password, we have all heard that the more
complex, the better. However, given the increasing power of
computers, brute force attacks are changing this to "longer
is better." A brute force attack is when one or more
computers try each possible password combination. Over
time, it will eventually find the correct password and gain
access.
The answer to this is really pretty simple: passphrases.
A passphrase is simply a sentence or pseudosentence. In the
example above, the first password would take anywhere from
seconds to a few hours to guess, using just one computer.
The second password, the passphrase, would take trillions
of years, even assuming that 100 computers were attempting
to guess it. The key here is the length of the passphrase.
Due to certain special conditions in the Windows operating
system, it is best to use a password that is at least 15 characters
in length. Anything shorter than that is, at best, effectively only
7 characters long (this is for legacy reasons). So by
moving from 14 characters to just 15, you increase the strength
of your password by more than a thousand times.
Going back to our sample passwords, I know which one I would
rather use. Most systems in use today support these longer
passwords, so the next time you're changing yours, why not
try out a passphrase?
One final note: keep in mind that certain systems may not
accept leading numeric or special characters for passwords,
such as the University's Banner system. In those cases, ensure
that you use a password that begins with a letter.
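The estimates in tip 3, worked through as an added example (not part of the original page). It assumes a constructed rate of one billion guesses per second per computer, and it assumes the Windows "legacy reasons" refer to the LAN Manager (LM) hash, which upper-cases a password of 14 characters or fewer and splits it into two 7-character halves that can be searched separately.

```python
import string

GUESSES_PER_SECOND = 1e9            # assumed rate per computer (constructed figure)
SECONDS_PER_YEAR = 365 * 24 * 3600
SYMBOLS = string.punctuation + " "  # 32 punctuation marks plus space = 33
LM_POOL = 26 + 10 + len(SYMBOLS)    # LM upper-cases input, so no lowercase: 69

def alphabet_size(password):
    """Size of the character pool an exhaustive search must cover."""
    pools = (string.ascii_lowercase, string.ascii_uppercase, string.digits, SYMBOLS)
    return sum(len(pool) for pool in pools if any(c in pool for c in password))

def keyspace(password):
    """Number of candidates of this length over the password's character pool."""
    return alphabet_size(password) ** len(password)

def lm_effective_keyspace(password):
    """Worst-case search cost when a legacy LM hash is stored (<= 14 characters).

    The password is upper-cased and split into two 7-character halves that
    are searched independently. Returns None above 14 characters, where
    no LM hash exists (assumption stated in the lead-in).
    """
    if len(password) > 14:
        return None
    halves = (password[:7], password[7:])
    return sum(LM_POOL ** len(half) for half in halves if half)

def years_to_exhaust(space, computers=1, rate=GUESSES_PER_SECOND):
    """Years needed to try every candidate at the assumed guess rate."""
    return space / (computers * rate) / SECONDS_PER_YEAR

if __name__ == "__main__":
    # The two sample passwords from tip 3, with the computer counts used there.
    samples = [("G00d4B!#j6", 1), ("My favorite pet is my turtle.", 100)]
    for pw, computers in samples:
        lm = lm_effective_keyspace(pw)
        space = lm if lm is not None else keyspace(pw)
        model = "LM halves" if lm is not None else "full length"
        years = years_to_exhaust(space, computers)
        print(f"{len(pw):2d} chars, {model:11s}: {years:.3g} years on {computers} computer(s)")
```

These figures are upper bounds for exhaustive character-by-character search, so a passphrase built from a well-known quote or saying is weaker than its length suggests.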
4. Be wary of using autofill and autologin features.
It is easy to use these features to speed up the login process.
However, it makes it just as easy for someone who sits down
at your unsecured computer to log in to your accounts. Plus,
if you fall into the habit of not typing in your password,
it becomes that much harder to remember it!