Passwords
Published by Evil Bee Wednesday, 22 October 2008 10:22
Web services takes many steps to keep hackers out of your personal files and information; however, poor password management decreases effectiveness and increases information security risk. Creating strong passwords and changing them often are two simple steps you can take to better protect your personal information.
Here are some other guidelines to help you:
- Five Elements of Strong Passwords
- How to Create a Strong Password
- Keeping Your Password Safe
- Changing Your Password
Five Elements of Strong Passwords
- Length Matters: The longer your password, the harder it is to crack. Use a minimum of eight (8) characters.
- Mix it Up: Include upper and lowercase letters, punctuation, and numbers. Select a letter to capitalize at random; try to avoid the first letter.
- Avoid Dictionary Words or Proper Names: These are easy to guess. If you are going to spell-out a word or phrase, remove letters, replace them with numbers, or deliberately misspell the word or phrase. For example, "I Hate Peas" can become "eyeH8pEEz".
- Avoid Personal Information: This includes birthdates, names of family members or pets, and address information. Try an acronym instead. Example: "You can't teach an old dog new tricks" becomes "yctaodnt".
- Change Passwords Often: A good rule of thumb is to change passwords every six months.
How to Create a Strong Password
Be creative and make it fun at the same time. For instance, build your password with the first or last letters from a favorite phrase, poem, title, song or something else significant to you. To strengthen it even more, change some of the letters to uppercase, numeric or punctuation characters.
Construct a password around the Beatles' song "We all live in a Yellow Submarine."
Use the first letter of each word, add the initial of the artists and the year the song was released, and your well-constructed password becomes Bwaliays1968.
This is a password that's easy for you to remember, so there is no need to write it down, yet it is very difficult to guess.
Other examples:
| Bad Passwords | Good Passwords |
|---|---|
| tbdbitl | Tb$B17l! |
| whiskers | k!TTy,whi#Kers |
| gobucks | gO8uc%ey3S! |
Keeping Your Password Safe
- Don't share passwords associated with any of your accounts or services with friends, family or anyone else, whether by phone, in person or in e-mail.
- Don't let others look over your shoulder as you type your password.
- Don't write down passwords or keep them in a readable form in your office or home.
- Don't store passwords in a file on any computer system or PDA without protecting them with strong encryption.
- Don't use the "Remember Password" feature in web browsers, e-mail software, or other programs that connect to the Internet unless the feature is protected by strong encryption.
When possible, use an encrypted web page or application to log on to a service. Many web sites (such as Yahoo) offer a "secure login" feature. Although it takes an extra moment, it will protect your password from being intercepted as it's transmitted to the web site.
- If a technical support person asks you for your password while trying to help you with a problem, be very cautious, but also understand that it may sometimes be necessary in order to duplicate your problem.
- Do not hesitate to question the agent about his/her use of or need for your password.
- If you feel you must reveal your password, first ask the agent to reset it to a temporary password, which you can change after your problem is resolved. Legitimate technical support organizations would have no problem with this request.
- If you reveal your password and then feel it may have been compromised, first immediately reset the password (if you can) and then report the incident to the issuer of the account.
- As an employee, sharing your organization's passwords is considered a misuse of property and a security violation.
Changing Your Password
Change your passwords often. You should change your personal passwords at least once every six months and change administrative or privileged passwords quarterly. Once you create a new password, don't use it on another system or ever again.
You can rate your password's strength at the OSU Account Management site.