Category Archives: security

NCAM Message 2 – Password Management

The simple truth is that passwords are a pain. It is also true that passwords are necessary to protect the digital information of Sul Ross and your own personal information.

Passwords are your first line of defense against break-ins to your online accounts, computers, smart phones and tablets. Poorly crafted passwords, those that are used on multiple accounts, and those that are seldom changed are more susceptible to being compromised. This situation can leave the technology resources and information on those devices, whether owned by the university or on your own personal devices, at higher risk of being stolen or damaged. The best antidote available against the cyber criminals and others that are intent on stealing or damaging your devices and information is better password management.

Poorly Crafted Passwords

One reason for poorly crafted passwords is they fall into recognizable patterns. This usually occurs because these patterns are more easily remembered than some ambiguous string of characters. These patterns are often in the form of someone’s name, a date, a memorable place, or they follow keyboard patterns such as “123456” and “qwerty.” These kinds of patterns are highly predictable and easy to crack. Rather than an obvious pattern for a password, try a short sentence or phrase. You’ll have the upper case and lower case characters that are needed and a password that is much easier to remember. Using an abbreviation for one of the words provides an extra level of complexity that helps keep your password safe. Also, to ensure your password complies with all password requirements of SRSU, simply change one of the letters to a number and one of the letters to a special character and you’re finished. For example, take the phrase, “Change is good!” Applying the rules we just covered, our phrase can be modified to Chg 1s g@@d!, which meets all our password requirements and is easier to remember than kjhdSDj34@nS.
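The patterns named above (common passwords, keyboard runs, dates, names and places) can be screened for mechanically. The following is an added example, not part of the original message or any SRSU tool; the short `COMMON` list, the `personal_terms` parameter and the function names are assumptions made for illustration, and it does not check SRSU's composition rules.

```python
import re

# Constructed stand-in for a common-password list; real lists are far longer.
COMMON = {"password", "123456", "qwerty", "letmein", "welcome"}
KEYBOARD_ROWS = ["1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm"]
# Undo the usual letter-for-symbol swaps before comparing.
LEET = str.maketrans({"@": "a", "0": "o", "1": "i", "3": "e", "$": "s", "5": "s"})

def variants(pw):
    """Lower-case forms of pw with trailing digits/symbols and swaps removed."""
    low = pw.lower()
    core = re.sub(r"[\d\W_]+$", "", low)      # "p@ssword1" -> "p@ssword"
    return {low, core, core.translate(LEET)}  # ... -> "password"

def has_keyboard_run(pw, run=5):
    """True if pw contains `run` adjacent keys from one keyboard row."""
    low = pw.lower()
    for row in KEYBOARD_ROWS:
        for seq in (row, row[::-1]):
            if any(seq[i:i + run] in low for i in range(len(seq) - run + 1)):
                return True
    return False

def screen(pw, personal_terms=()):
    """Return the list of predictable patterns found in pw (empty if none)."""
    findings = []
    if variants(pw) & COMMON:
        findings.append("common password")
    if has_keyboard_run(pw):
        findings.append("keyboard pattern")
    if re.search(r"(19|20)\d{2}|\d{1,2}[/-]\d{1,2}[/-]\d{2,4}", pw):
        findings.append("date")
    plain = pw.lower().translate(LEET)
    if any(t.lower() in plain for t in personal_terms if t):
        findings.append("name or place")
    return findings

if __name__ == "__main__":
    for candidate in ("123456", "P@ssword1", "qwerty2024", "Chg 1s g@@d!"):
        print(candidate, screen(candidate))
```

A symbol swap on a common word is still caught because the swap is undone before the comparison, while the phrase-based password from the paragraph above produces no findings.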

Multiple Accounts

Having our email address and password compromised because of a weak or easy to guess password is bad enough. While having your email account compromised isn’t ideal, if you use the same account ID to access your financial institution, social network, and other sites, the potential for impact on your wallet and your reputation can be painful. Many of our accounts today use our email address as the ID for the account. Using the same password heightens the risk for any account using the same ID/password combination. When you have to use your email address for an account ID on another system, always ensure that a different password is used to access that other system.

Seldom Changed

The longer an account password is not changed, the longer a compromised password can be used by cyber criminals. Changing an account password on a regular basis limits a hacker’s ability to gain access to your account and “listen in” without you knowing they are there.

How to Survive

With all the accounts, for all the systems, and all those passwords, how is one to survive the security requirements and not simply write all the passwords down on a sticky note and paste it to our monitor? The answer is a password manager. A password manager is a piece of software that allows you to store the plethora of passwords needed in your life (business and personal), that are all hidden behind a specific account ID and password.

These tools give you the ability to record all your passwords in a single, strongly encrypted location. Of course, you still need a password in order to gain access to the password manager, so make sure this password is complex, is not used anywhere else, and is changed with some regularity.

Sul Ross OIT has been using LastPass for password management for some time now. This password management software allows us to store passwords away safely and access them when needed across all our devices. If you want to take advantage of this opportunity, reach out to LTAC and have them set up a LastPass account for you and your department.

In the end, all computer security is about mitigating the risk inherent in your devices that are connected to the world around us. There is no way for anyone to be 100% secure. All you can do is lower the risk of being hacked. Complex passwords that are used on only one system, are changed on a regular basis, and are stored in an appropriate password manager lower your risk.

NCAM Message 1 – Passwords: Don’t Spray It or Replay It

It is National Cybersecurity Awareness Month so I’ll share a few cybersecurity messages with you. In this initial post, I want to make you aware of two methods hackers use to gain access to your work and personal computing systems and what you can do about it.

Some of the most common problems/vulnerabilities with the passwords we use involve password spray and password replay, two terms commonly used in the cybersecurity world.

Password spray simply means automatically testing combinations of common passwords and known usernames on a system. You know how poor the most popular passwords are these days—those are lists that attackers keep close on hand. This is a straight numbers game.

By contrast, password replay attacks exploit our fondness for reusing the same passwords on different systems. This is made much worse when people reuse passwords from their personal accounts on their work ones.

Two solutions to prevent this from happening to you:

Bad Passwords
  1. Don’t use common words or terms for your passwords, such as P@ssword1, MyD0ghasFle@s, etc. These are primary targets for the lists hackers keep and use constantly to gain access to systems.
  2. Don’t use the same password for multiple services, e.g. work, school, bank, etc. Doing so allows a hacker to gain access to all your confidential and sensitive data once they determine one of your passwords.

Which means we have to create and remember multiple passwords for different systems.  How are you supposed to do that?

The answer is by using a password manager.  Stay tuned for the next installment of this series on passwords, where I will cover one solution we already are licensed for and use at Sul Ross.