Password Security for Faculty
Passwords need to be complex enough to discourage guessing but easy enough for you to remember. As computer processors become faster, hackers take advantage of better password-cracking systems, which means we have to change the way we generate passwords.
It is best to start using a 16-20 character password or, better yet, a passphrase to prevent someone from easily guessing it. Really good passphrases should contain a number of character types: letters, numbers, and special characters. Keep them creative and unique to yourself. A passphrase combined with your own "rules" for substitutions and character insertion is easier for you to remember but much harder for any person or computer to guess.
Here are a couple of passphrase generation ideas. If you really like cookies, use Snickerdoodles, Coconut Macaroons, Gingerbread or Vanillekipferl as a base. Use a special character as a space. Substitute letters with numbers that look the same: "o" with the digit zero, "L" with the digit one, "S" with the digit five, etc. Make a phrase out of it, and mix in special characters, for example "Snick3Rd00dle$#r#good".
Password Quick Tips:
- Make sure your password is complex and longer than 12 characters. Short and simple passwords are easily figured out by hackers.
- Use a variety of characters such as upper case, lower case, numbers and symbols.
- Don’t write down your passwords (keep them in your head or in an encrypted file).
- Don’t share your password with anybody for any reason, not even with the TSC.
Creating and Remembering Your Password
Creating and remembering strong passwords can sometimes be challenging. Below are several methods that can help you create and remember strong passwords.
- Use the first characters of a sentence you can easily remember and add some special characters. "My son Al is 3 years old in November" converts to MsAi$3yoiN0V, or "I go on Vacation13 May" would be IgoV!!@13M.
- Use numbers in a word, for example a 5 instead of an s and a 3 instead of an e: partn3r5.
- Substitute special characters for letters; for example, "I go on Vacation13 May" could be Igo#13M.
Is your password weak?
The following are some examples of practices and behaviors that can result in weak or bad passwords. Under no circumstances should individuals use passwords that utilize the following:
- Passwords that match the user ID
- Passwords that contain the user account owner’s first, middle or last name
- Passwords that contain the user’s bear ID or Social Security number
- Any consecutive or repeating keyboard characters, e.g. “123”, “jkl”
- Family-oriented passwords (your name, nicknames, partners, children or pets). 50% of people do this, and these passwords are easily guessed.
- “Fan” names (sport stars, cartoon characters, pop icons). 33% of users do this.
- “Self-obsessed” words (stud, goddess). 11% of users do this.
- A common dangerous practice is to use words (or simple derivatives of them) that could easily be guessed by someone else, e.g. password, sesame, changeme, secret, qwerty, money, pass, abc123, private, admin, 123456, god, hello, 111111, UNC.
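The checks in the list above can be automated when passwords are set. The following Python sketch is an added example, not part of the original guidance; the function and reason names, the run length of three, substring matching, and the extra `$` and `@` substitutions are assumptions.

```python
import re

# Words the page lists as easily guessed (lower-cased).
COMMON = ["password", "sesame", "changeme", "secret", "qwerty", "money", "pass",
          "abc123", "private", "admin", "123456", "god", "hello", "111111", "unc"]
# Undo the look-alike substitutions the page describes: 0->o, 1->l, 5->s, 3->e
# ($->s and @->a are added here as an assumption).
UNLEET = str.maketrans("0153$@", "olsesa")
# Keyboard rows used to spot consecutive keys such as "123" or "jkl".
ROWS = ["1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm"]

def has_keyboard_run(password, n=3):
    """True if n adjacent keys from one row (either direction) or n repeats occur."""
    low = password.lower()
    if re.search(r"(.)\1{%d,}" % (n - 1), low):
        return True
    for row in ROWS:
        for seq in (row, row[::-1]):
            if any(seq[i:i + n] in low for i in range(len(seq) - n + 1)):
                return True
    return False

def weak_password_reasons(password, user_id, names):
    """Return the weak-password practices from the list that this password shows."""
    low = password.lower()
    plain = low.translate(UNLEET)  # "simple derivatives" mapped back to letters
    reasons = []
    if len(password) <= 12:  # quick tip: longer than 12 characters
        reasons.append("too_short")
    classes = [r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]"]
    if not all(re.search(c, password) for c in classes):
        reasons.append("low_variety")
    if low == user_id.lower():
        reasons.append("matches_user_id")
    if any(n and (n.lower() in low or n.lower() in plain) for n in names):
        reasons.append("contains_name")
    if has_keyboard_run(password):
        reasons.append("keyboard_run")
    if any(w in low or w in plain for w in COMMON):
        reasons.append("common_word")
    return reasons

if __name__ == "__main__":
    # Constructed sample account: user ID "jdoe42", owner "Jane Doe".
    for pw in ["Snick3Rd00dle$#r#good", "P@55w0rd", "Gingerbread#jkl#Cookies9"]:
        print(pw, weak_password_reasons(pw, "jdoe42", ["Jane", "Doe"]))
```

Because common words are matched as substrings, a long passphrase that happens to contain "pass" or "unc" is flagged too; treat the output as prompts for review, not a strength score.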
Why would anyone need your password?
- You are given access to University services to enable you to do your work. Means of access are created to uniquely identify you and the resources you are authorized to access, so under no circumstances will anyone ever need to have your PDID (Personal Digital Identity) or password.
- This also applies to technical IT staff maintaining computers and applications. Therefore:
- Never disclose your password.
- The support departments must only be allowed access to your account if you are present and can observe what is being done.
Should I give my password to a colleague or support staff in case I need them to check my e-mail or they need to access some information on my computer when I’m not around?
Your PDID and password combination uniquely identifies you within the University’s digital world. Remember that you are responsible for actions taken with your digital identity and only you should have access to your pay records and other personal information. It’s in your best interest to vigilantly guard and protect your PDID and password.