Password Security for Faculty and Staff

Passwords need to be complex enough to discourage guessing but easy enough for you to remember. As computer processors become faster and faster hackers are taking advantage of better password cracking systems.  This means we have to shift the way we generate passwords.

It is best to start using a 12-20 character password or, better yet, a passphrase to prevent someone from easily guessing it. Really good passphrases should contain a number of character types, letters, numbers, and special characters. Keep them creative and unique to yourself. A passphrase combined with your own "Rules" for substitutions and character insertion makes them easier for you to remember but much harder for anyone or any computer to guess.

Here are a couple of passphrase generation ideas. If you really like cookies, use Snickerdoodles, Coconut Macaroons, Gingerbread or Vanillekipferl as a base. Use a special character as a space. Substitute letters with numbers that look the same. Substitute "o" with the digit zero, "L" with the digit one, "S" with the digit five, etc. Make a phrase out of it, and mix in special characters. "Snick3Rd00dle$#r#good”.

Mix up your schemes, one year use Cookies, then next year Baseball teams, wood working tools, maybe Civil War Generals. The advantage of better passphrases is that you can use them longer before having to change them.

• Password Quick Tips
  • Make sure your password is complex and longer than 12 characters. Short and simple passwords are easily figured out by hackers.
  • Use a variety of characters such as upper case, lower case, numbers and symbols.
  • Don’t write down your passwords (keep them in your head or in an encrypted file).
  • Don’t share your password with anybody for any reason, not even with the TSC.
• Creating and Remembering Your Password

  Creating and remembering strong password can sometimes be challenging. Below are several methods that can help you create and remember strong passwords.

  • Use the first characters of a sentence you can easily remember and add some special characters. My son Al is 3 years old in November converts to MsAi$3yoiN0V or I go on Vacation13 May would be IgoV!!@13M.
  • Use numbers in a word, for example a 5 instead of an s and a 3 instead of an e. partn3r5.
  • Substituting special characters for letters for example I go on Vacation13 May could be Igo#13M.
• Is your password weak?

  The following are some examples of practices and behaviors that can result in weak or bad passwords. Under no circumstances should individuals use passwords that utilize the following:

  • Passwords that match the user ID
  • Passwords that contain the user account owner’s name, first middle or last.
  • Passwords that contain the users bear ID or Social Security number
  • Any consecutive or repeating keyboard characters e.g. “123”, “jkl
  • Family-oriented passwords, (your name, nicknames, partners, children or pets). 50% of people do this, and these passwords are easily guessed.
  • “Fan” names, (sport stars, cartoon characters, pop icons). 33% of users do this.
  • “Self-obsessed” words, (stud, goddess), 11% of users do this.
  • Common dangerous practices are to use the words, (or simple derivatives), that could easily be guessed by someone else, e.g. password, sesame, changeme, secret, qwerty, money, pass, abc123, private, admin, 123456, god, hello, 111111, UNC.
• Why would anyone need your password?
  • You are given access to University services to enable you to work. Means of access are created to uniquely identify you and the resources you are authorized to access, so under no circumstances will anyone ever need to have your PDID (Personal Digital Identity) or password.
  • This also applies to technical IT staff maintaining computers and applications.
    Therefore: Never disclose your password.
• Should I give my password to a colleague or support staff in case I need them to check my e-mail or they need to access some information on my computer when I’m not around?

  Absolutely not!