NCSAM 2014 Week 2 – Password Security

NCSAM WEEK 2

PASSWORD SECURITY

Usernames and passwords are the main way that we identify ourselves to the many services we use, whether it is email, social media sites, our or banking website.

THERE ARE A NUMBER OF THINGS TO KEEP IN MIND TO KEEP YOUR ACCOUNTS SAFE.

  1. Do not send passwords in emails and do not leave them written out laying around on your desk.
  2. The Office of Information Technology will NEVER ask for your password via email or on the phone and neither should anyone else. There is no reason for you to give your password to anyone, even if they identify themselves as the manager or administrator of your account or imply (or threaten) that you could lose access to your account.
  3. Passwords should be rotated on a regular basis. (UPDATE: This “wisdom” is now being challenged, but only in conjunction with using multi-factor authentication) Yes, it is a pain, but less so than having your reputation ruined or your bank account emptied.
  4. Change the default passwords that are set on accounts you open and on devices that you own, like wireless routers.
  5. Use different passwords for different accounts. Preferably, every account would have a different password, but at the very least, your banking account or any financial accounts passwords should be different from your other passwords.

WHEN CREATING A PASSWORD FOLLOW THESE GUIDELINES FOR HARD TO GUESS PASSWORDS:

  1. Do not use a common word as your password, even a common word that has been obfuscated with numbers and symbols.
  2. Do not use personal information as your password, including your name, username, birth date, phone number, address, student ID number, pet’s name, boyfriend’s/girlfriend’s or spouse’s name or anything else that someone may know about you or could find with little effort.
  3. Make your password at least eight, but preferably twelve characters long or longer. The longer the better, but don’t make it so long you have to write it down to remember it.
  4. You can use mnemonic phrases or devices, but do not use well known phrases, as these are included in the dictionaries that attackers use to try and compromise accounts.
  5. Your best bet is to combine three or four seemingly random words that mean something to you, but that others do not know are significant to you. Use some capitalization, numbers and symbols if you want, but don’t make it so complex you have to write it down or think about it for more than a few seconds.
(Visited 1 times, 1 visits today)