Passwords are your first line of defense against break-ins to your online accounts, computers, smartphones and tablets. Poorly crafted passwords, those that are used on multiple accounts, and those seldom changed are more susceptible to being compromised. This situation can leave the technology resources and information on those devices, whether owned by the university or on your own personal devices, at higher risk of being stolen or damaged. The best antidote available against the cyber criminals and others who are intent on stealing or damaging your devices and information is better password management.
Poorly Crafted Passwords
One reason passwords are poorly crafted is that they fall into recognizable patterns. This usually occurs because these patterns are more easily remembered than some ambiguous string of characters. These patterns are often in the form of someone’s name, a date, a memorable place, or they follow keyboard patterns such as “123456” and “qwerty.” These kinds of patterns are highly predictable and easy to crack. Rather than an obvious pattern for a password, try a short sentence or phrase. You’ll have the upper case and lower case characters that are needed and a password that is much easier to remember. Using an abbreviation for one of the words provides an extra level of complexity that helps keep your password safe. Also, to ensure your password complies with all password requirements of SRSU, simply change one of the letters to a number and one of the letters to a special character and you’re finished. For example, take the phrase, “Change is good!” Applying the rules we just covered, our phrase can be modified to Chg 1s g@@d!, which meets all our password requirements and is easier to remember than kjhdSDj34@nS.
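The pattern types named above (names, dates, keyboard runs) can be rejected mechanically when a password is chosen. The following Python is an added example, not SRSU's own tooling; the function name find_patterns, the personal_words parameter, the four-character run threshold, the US-QWERTY layout and the sample name and date in the usage comments are assumptions of this example.

```python
import re

# Assumption: US-QWERTY rows plus the alphabet, used to spot runs like "qwerty" or "123456".
SEQUENCES = ("1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm",
             "abcdefghijklmnopqrstuvwxyz")

# Month, day, year with optional separators, e.g. 03151987, 3/15/87, 12-25-2001.
DATE_RE = re.compile(
    r"(?<!\d)(0?[1-9]|1[0-2])[-/.]?(0?[1-9]|[12]\d|3[01])[-/.]?"
    r"((?:19|20)\d{2}|\d{2})(?!\d)"
)


def _has_run(text, min_len=4):
    """True if text contains min_len adjacent keys or letters, forward or reversed."""
    for seq in SEQUENCES:
        for s in (seq, seq[::-1]):
            for i in range(len(s) - min_len + 1):
                if s[i:i + min_len] in text:
                    return True
    return False


def find_patterns(password, personal_words=()):
    """Return the predictable patterns found in password (empty list if none)."""
    lowered = password.lower()
    findings = []
    if _has_run(lowered):
        findings.append("keyboard-or-sequence")
    if DATE_RE.search(password):
        findings.append("date")
    # personal_words: names or places tied to the account owner (supplied by the caller).
    if any(len(w) >= 3 and w.lower() in lowered for w in personal_words):
        findings.append("personal-word")
    if re.search(r"(.)\1{2,}", lowered):
        findings.append("repeated-character")
    return findings


if __name__ == "__main__":
    # "Maria" and the date are constructed sample values.
    for pw in ("123456", "qwerty", "Maria03151987", "Chg 1s g@@d!"):
        print(repr(pw), find_patterns(pw, personal_words=["Maria"]))
```

A check like this only catches the obvious patterns; it does not measure overall password strength or detect reuse across accounts.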
Having your email address and password compromised because of a weak or easy-to-guess password is bad enough. If you also use the same account ID to access your financial institution, social network, and other sites, the potential impact on your wallet and your reputation can be painful. Many of our accounts today use our email address as the ID for the account. Reusing the same password heightens the risk for every account that shares the same ID/password combination. When you have to use your email address for an account ID on another system, always ensure that a different password is used to access that other system.
The longer an account password is not changed, the longer a compromised password can be used by cyber criminals. Changing an account password on a regular basis limits a hacker’s ability to gain access to your account and “listen in” without you knowing they are there.
How to Survive
With all the accounts, for all the systems, and all those passwords, how is one to survive the security requirements and not simply write all the passwords down on a sticky note and paste it to the monitor? The answer is not sticky notes or a piece of paper in your desk drawer or attempting to get around the password requirements of the institution. The answer is a password manager. A password manager is a piece of software that allows you to store the plethora of passwords needed in your life (business and personal), all hidden behind a specific account ID and password. These tools give you the ability to record all your passwords in a single, strongly encrypted location. Of course, you still need a password in order to gain access to the password manager, so make sure this password is complex, is not used anywhere else, and is changed with some regularity.
In the end, all computer security is about mitigating the risk inherent in devices that are connected to the world around us. There is no way for anyone to be 100% secure. All you can do is lower the risk of being hacked. Complex passwords that are used on only one system, are changed on a regular basis, and are stored in an appropriate password manager lower your risk.
Contact the SRSU Helpdesk, LTAC, if you have questions about anything in this article.