Passwords are typically your main defense from someone accessing your accounts. Take them seriously and familiarize yourself with the tips below.
Dos and Don'ts
Do:
- Memorize your password
- Use passwords that would be difficult for others to guess
- Use passwords with a mix of letters, numbers and symbols (#@$&*)
- Use a password that you can remember, so that you don't have to write it down
- Use long passwords, typically more than 8 characters
- Change your passwords at least every 180 days, or immediately if you suspect an account is compromised
Don't:
- Write your password down
- Use passwords with fewer than six characters
- Use any part of your logon name for your password
- Share your password with anyone
- Use names, addresses, or significant dates such as your birthday
- Use words that can be found in any dictionary
- Use the same password for multiple accounts. If someone hacks one site, they could use the information to access your other accounts.
Create A Strong Password
One way to create a good, strong password is to use part of a phrase that is easy for you to remember. This phrase can be a set of words taken from a book, a song, a quotation, a statement, or anything else that you always easily remember. The phrase should be easy for you to recall, but not one that anyone else would think to associate with you. Below are some examples of how to create strong passwords.
Phrase: "Four score and seven years ago, our fathers..."
The result: Derived by choosing the first letter from each word, using a mixed case of letters, adding a non-alphabetic character and number where possible.
Another option is an easy-to-remember password based on a combination of two unrelated words with a mixed case of letters, numbers, and symbols.
Pass-words: "cash cow"
The result: Derived by combining the two words, changing the "s" to "$" (dollar sign), the "o" to "0" (zero), and "w" to "uu" (a double-U).
Why Does This Matter?
A common way to gain access to a network is to find a user's password, often by simple guessing. Attackers often set up automated programs to try to guess passwords on systems they find accessible from the internet. These attacks are called dictionary attacks and can be very effective. Here are some of the most common passwords we've observed attackers trying to use on our network:
If your password looks similar to these then you should change it immediately.
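The following is an added example, not part of the original page or any WKU tooling: a small Python check that applies several of the Dos and Don'ts above to a candidate password before it is set. The function name, the 3-character threshold for "part of your logon name" and the sample wordlist are assumptions made for the illustration.

```python
import re

# Constructed sample wordlist (assumption). A real check would load a full
# dictionary plus the guesses seen in the site's own authentication logs.
SAMPLE_WORDLIST = {"password", "welcome", "dragon", "summer", "letmein"}


def check_password(password, logon_name, wordlist=SAMPLE_WORDLIST):
    """Return a list of rule violations; an empty list means none were found."""
    problems = []
    lower = password.lower()

    # Length: under six is a "Don't"; the "Do" asks for more than 8.
    if len(password) < 6:
        problems.append("fewer than six characters")
    elif len(password) <= 8:
        problems.append("not longer than 8 characters")

    # Mix of letters, numbers and symbols.
    classes = (r"[A-Za-z]", r"[0-9]", r"[^A-Za-z0-9]")
    if not all(re.search(c, password) for c in classes):
        problems.append("missing a letter, number or symbol")

    # "Any part of your logon name": flag any slice of 3+ characters
    # (the threshold of 3 is an assumption, not a rule from the page).
    name = logon_name.lower()
    parts = {name[i:j] for i in range(len(name))
             for j in range(i + 3, len(name) + 1)}
    if any(p in lower for p in parts):
        problems.append("contains part of the logon name")

    # Dictionary check on the letters only, so a word with digits or
    # symbols tacked on (e.g. "Summer2024!") is still caught.
    letters = re.sub(r"[^a-z]", "", lower)
    if letters in wordlist:
        problems.append("dictionary word")

    return problems


if __name__ == "__main__":
    # Constructed sample inputs.
    for candidate in ("abc", "Summer2024!", "Smith#4471xy", "tR7#quvl9&Zp"):
        print(candidate, "->", check_password(candidate, "jsmith") or "ok")
```

Reuse across accounts and guessability by people who know you cannot be detected from the password alone, so those Don'ts still depend on the user.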