Safe Computing: Password Security

From ITS Wiki


Your passwords are the keys to your electronic identity. They verify your identity and give you certain privileges. If someone else guesses or steals your password, that person can pretend to be you and gain access to your files, your e-mail, your funds, your personal information: whatever you have protected by that password. Strong passwords, and changing your password from time to time, improve computing security.

Remembering your password(s)

It may seem difficult to come up with a secure password that you can actually remember. Here are some memory strategies:

• Think of a sentence, take the first letter of each word, and use punctuation marks to substitute for one or more of the letters. "The lazy dog jumped over the fox" might become Tldj^tf (the ^ replaces the o).

• Create your password by remembering a song lyric (and substituting a punctuation mark and/or using an uppercase letter). For example, in Lady Antebellum’s "Hello World" one line is "good to see you my old friend." So your password might be Gtsym#F (the # replaces the o).

Some tips for creating a strong password:

• Choose a password that is 6-8 characters long.

• Include a combination of uppercase and lowercase letters, numbers, and non-alphanumeric marks ($, @, ~, #, &, etc.).

Avoiding the obvious:

• Avoid your birth date, your username, your Centre ID number, your telephone number or anything else that is all numbers.

• Avoid any proper names or words that are in the dictionary.

• Password crackers have gotten more sophisticated, so it is no longer safe to use a word and substitute zeros for o's or ones for l's.

• Avoid any password used as an example in this document or any other document/article you read about creating a good password.
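The tips above can be checked automatically when a password is chosen. The following Python checker is an added example, not part of the original wiki page; the sample word list, the three-of-four character class threshold, the use of 6 as a minimum length, and the look-alike substitutions beyond zeros and ones are assumptions made for illustration.

```python
import re

# Constructed sample word list; a real check would load a full dictionary file.
SAMPLE_WORDS = {"password", "hello", "football", "dragon", "welcome"}
# Passwords printed as examples on this page, which the page says to avoid.
PAGE_EXAMPLES = {"Tldj^tf", "Gtsym#F"}
# Look-alike substitutions undone before the dictionary lookup. The page names
# zero-for-o and one-for-l; the remaining pairs are assumed additions.
LEET = str.maketrans("01345$@!7", "oleassait")
MIN_LENGTH = 6  # assumption: the page's lower figure, treated as a minimum


def normalise(candidate):
    """Lowercase, undo look-alike substitutions, drop remaining non-letters."""
    return re.sub(r"[^a-z]", "", candidate.lower().translate(LEET))


def check_password(candidate, username="", words=SAMPLE_WORDS):
    """Return the list of tips from the page that the candidate violates."""
    problems = []
    if len(candidate) < MIN_LENGTH:
        problems.append("too short")
    classes = [
        any(c.isupper() for c in candidate),
        any(c.islower() for c in candidate),
        any(c.isdigit() for c in candidate),
        any(not c.isalnum() for c in candidate),
    ]
    if sum(classes) < 3:  # assumption: "a combination" means three of four
        problems.append("fewer than three character classes")
    if candidate.isdigit():
        problems.append("all numbers")
    if username and username.lower() in candidate.lower():
        problems.append("contains username")
    if candidate in PAGE_EXAMPLES:
        problems.append("published example")
    if normalise(candidate) in words:
        problems.append("dictionary word after undoing substitutions")
    return problems


if __name__ == "__main__":
    for sample in ("P@ssw0rd", "19900412", "Tldj^tf", "mT7#qLp"):
        print(sample, check_password(sample) or "passes")
```

A candidate such as P@ssw0rd satisfies the length and character-class tips yet is still rejected, because undoing the substitutions yields a dictionary word.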

Do not give out your password in phone calls or emails

Hackers often employ what's called "social engineering." For example, somebody claiming to be an employee of your bank or internet service provider can call asking for personal information in order to gain access to your account, or you might receive "phishing" e-mails asking you to verify your account information by clicking on a link to a phony Web site created to appear like that of a trusted institution. If you get an email or phone call asking for any personal information, call the institution to speak with them and confirm that they sent the email (and don’t give out your password over the phone either).

Log Off

The information on your computer is like your pocketbook or your wallet: don't leave it unattended. Log off before you leave your desk.

Sources:

http://www.microsoft.com/security/online-privacy/passwords-create.aspx

http://my.simmons.edu/services/technology/helpdesk/antivirus/passwords.shtml

http://www.symantec.com/connect/articles/simplest-security-guide-better-password-practices