Passwords

One of the most common ways for hackers to gain access to personal information is by cracking passwords. With one keystroke they can attempt to hack into thousands of computers using hundreds of combinations of passwords. Out of the thousands of computers hit, a handful of passwords will be cracked.

GENERAL PASSWORD RECOMMENDATIONS

  • Each one of your accounts should have its own unique password
  • NEVER share your passwords with anyone. Not even your best friend in IT when they are trying to help you troubleshoot a problem.
  • The use of passphrases instead of just a password makes it both easier for you to remember and harder for a hacker to discover.
      • The two keys to a good passphrase are in the total length and the lack of relationship between the words
      • This XKCD comic illustrates how secure passphrases can be
      • For more information on passphrases visit Diceware
  • The longer your password is, the better it is. A password like: Employ Late Shout Tea Respect Rival Heaven Lot Pump Average 1 is much more secure than something like: rT%3SnKd
  • It is highly recommended that you use a password manager to save your passwords so that you do not need to memorize all of them
  • It is highly recommended that you enable MFA (multi-factor authentication) everywhere possible, especially on your password manager, because no matter how good your password is, given enough time, a hacker can figure it out.

CHARACTERISTICS OF A STRONG PASSWORD

  • Be at least twelve characters long.
  • Passwords must NOT be a single word found in a dictionary (e.g., intermittent or unidentified)
  • Must NOT be anything easily associated with you (for instance, information someone could learn about you from Facebook or Instagram) such as
      • Your user id
      • Your name
      • Your phone number
      • Your address
      • Your pet's name
      • Your birthday
      • Names or birthdays of friends or family members
      • Part of your Social Security Number or Driver's License Number
      • Any other information that can be easily found about you
  • It is not required, but it is highly recommended that you use at least three of the following four elements in each password
      • Upper case letters
          • A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
      • Lower case letters
          • a b c d e f g h i j k l m n o p q r s t u v w x y z
      • Numbers
          • 0 1 2 3 4 5 6 7 8 9
      • Punctuation and special characters
          • ~ ` ! @ # $ % ^ & * ( ) _ - + = [ ] { } < > . ?

MAKING GOOD PASSWORDS

Least Secure (but acceptable if long enough) - Whole Word Combinations
  • Combine whole random words together
Examples:
  • Password: where ham lip
  • Password: hand all sure silly
More Secure - First Letter of Each Word Phrases (when equal or greater length than a Whole Word Combination Passwords)
  • Combine a letter from each word in a phrase
  • Phrases could come from: song lyrics, a favorite poem, a meaningful quote, or a totally random combination
Examples:
  • Phrase: Jack and Jill own two cats named Whiskers and Tuna that like to play outside
      • Password: jajotcnwattltpo
  • Phrase: When the lights out it's less dangerous, here we are now entertain us, may the force be with you, live long and prosper
      • Password: wtloildhwaneumtfbwyllap
Even More Secure - First Letter of Each Word with Complexity Phrases
  • Combine a letter from each word in a phrase
  • Phrases could come from: song lyrics, a favorite poem, a meaningful quote, or a totally random combination
Examples:
  • Phrase: Jack and Jill own two cats named Whiskers and Tuna that like to play outside
      • Password: J&Jo2cnW&TtL2Po
  • Phrase: When the lights out it's less dangerous, here we are now, entertain us, may the force be with you, live long and prosper
      • Password: wTL01ld_hW@n-3u_mtFbwU_lL&p
Most Secure - Use Long, Complex, Randomly Generated Passwords Stored in a Password Manager
  • Using long, complex, randomly generated passwords stored in a password manager makes it more difficult for a hacker to discover your passwords.
  • You only need to worry about remembering one password, the password to your password manager, and then you have access to all of your passwords
Examples:
  • 2nJWLF@f#@sqAXD=&2A2hZmm
  • D5+-xxgkkAdsc$NcdZT?96FJ

TWO MINUTE VIDEO EXPLAINING STRONG PASSWORDS

FUN PASSWORD TIP: “PASSWORDS ARE LIKE UNDERWEAR”

  • Passwords are like underwear: Change yours whenever you think someone might have smelled yours.
  • Passwords are like underwear: Don't share them with anyone.
  • Passwords are like underwear: The longer, the better.
  • Passwords are like underwear: Be mysterious.
  • Passwords are like underwear: Don't leave yours lying around.

RESOURCES