Safe Computing - Secure Passwords
Passwords are typically your main defense against someone accessing your accounts. Take them seriously and familiarize yourself with the tips below.
Dos and Don'ts
Do:
- Memorize your password
- Use passwords that would be difficult for others to guess
- Use passwords with a mix of letters, numbers and symbols (#@$&*)
- Use a password that you can remember, so that you don't have to write it down
- Use long passwords, typically more than 8 characters
- Change your passwords at least every 180 days, or immediately if you suspect an account is compromised
Don't:
- Write your password down
- Use passwords with fewer than six characters
- Use any part of your logon name for your password
- Share your password with anyone
- Use names, addresses, or significant dates such as your birthday
- Use words that can be found in any dictionary
- Use the same password for multiple accounts. If someone hacks one site, they could use the information to access your other accounts.
Create A Strong Password
One way to create a good, strong password is to use part of a phrase that is easy for you to remember. This phrase can be a set of words taken from a book, a song, a quotation, a statement, or anything else that you can always easily remember. This phrase should be easy for you, but no one else should ever think about attributing it to you. Below are some examples of how to create strong passwords.
Example:
Phrase:
Four score and seven years ago, our fathers...
Password:
Fs&7yAoF
The result:
Derived by choosing the first letter from each word, using a mixed case of letters, adding a non-alphabetic character and number where possible.
Combination passwords
An easy-to-remember password can be based on a combination of two unrelated words with a mixed case of letters, numbers, and symbols.
Example:
Pass-words:
cash cow
Password:
ca$hc0uu
The result:
Derived by combining the two words, changing the "s" to "$" (dollar sign), the "o" to "0" (zero), and "w" to "uu" (a double-U).
Why Does This Matter?
A common way to gain access to a network is to find a user's password, often by simple guessing. Attackers often set up automated programs to try to guess passwords on systems they find accessible from the internet. These attacks are called dictionary attacks and can be very effective. Here are some of the most common passwords we've observed attackers trying to use on our network:
- 123456
- password
- 123
- 1234
- root
- test
- qwerty
- 12345
- 1q2w3e
- 123456789
- test123
- admin
- abc123
- changeme
- passwd
If your password looks similar to these, then you should change it immediately.
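One way to automate the "looks similar" check along with several of the rules above, as an added example that is not part of the original page: it screens a candidate password against the list above, the six-character minimum, the character mix, and the logon name. The function names, the look-alike table, and the three-character logon-name fragment length are assumptions made for this example.

```python
import re

# Passwords the page reports attackers trying most often.
COMMON = ["123456", "password", "123", "1234", "root", "test", "qwerty",
          "12345", "1q2w3e", "123456789", "test123", "admin", "abc123",
          "changeme", "passwd"]

# Assumption: a small look-alike table for undoing symbol-for-letter swaps.
FOLD = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a",
                      "5": "s", "$": "s", "@": "a", "!": "i"})


def fold(text):
    """Lowercase and undo common substitutions so 'P@ssw0rd' reads 'password'."""
    return text.lower().translate(FOLD)


COMMON_FORMS = set(COMMON) | {fold(p) for p in COMMON}


def looks_common(password):
    """True if the password, or its core without trailing digits/symbols,
    matches an entry in COMMON after folding."""
    core = re.sub(r"[^A-Za-z]+$", "", password)  # 'Admin2024!' -> 'Admin'
    forms = {password.lower(), fold(password), fold(core)}
    return any(f and f in COMMON_FORMS for f in forms)


def check_password(password, logon_name, min_fragment=3):
    """Return the list of rules broken; an empty list means none.
    min_fragment (assumed) is the shortest logon-name piece that counts."""
    problems = []
    if len(password) < 6:
        problems.append("fewer than six characters")
    if not (re.search(r"[A-Za-z]", password) and re.search(r"\d", password)
            and re.search(r"[^A-Za-z0-9]", password)):
        problems.append("needs letters, numbers and symbols")
    name, folded = logon_name.lower(), fold(password)
    pieces = {name[i:i + min_fragment] for i in range(len(name) - min_fragment + 1)}
    if any(p in password.lower() or p in folded for p in pieces):
        problems.append("contains part of the logon name")
    if looks_common(password):
        problems.append("matches a commonly tried password")
    return problems
```
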
Need Assistance?
The WKU ITS Service Desk is here to help. Give us a call, chat with a representative online, use the Self-Help Knowledge Base and more.