Effective Password Management
Passwords are key to accessing your personal information or using your credentials to enter a network. Creating a strong, complex password is an important step in protecting your data and securing any information you may have access to.
Below are some common risks associated with weak password practices and tips on how to reduce them.
Risks to Avoid
Password-based Attacks
Attackers can gain access to your account when you have a weak password by performing attacks like credential stuffing (attackers use breached accounts or password information to break into your account) or brute force/dictionary attacks (attackers use a database where they have popular or possible key combinations of passwords to break into your account).
Identity Theft
If an attacker gains control of your account, they could impersonate you and carry out fraudulent activities.
Data Breach
When one account is compromised, it can trigger a chain reaction that allows sensitive information you have access to be taken.
What To Do
Use Longer Passwords
Passwords should be at least 14 characters long.
Include a Mix of Uppercase and Lowercase Letters, Symbols, and Numbers
Complexity makes passwords harder to guess or crack.
Make It Random
Use mixed-case letters, numbers, and symbols, or a passphrase of 5-7 random words.
Make It Unique
Use unique passwords for each account to prevent a breach of one account from affecting others.
Use A Phrase
Use passwords that are hard to guess and easy to remember. For example, "May the force be with you” can be written as a phrase “M@yTh3F0rc3B3W!thY0u” which is a complex passphrase, incorporating special characters, lowercase, uppercase, and digits.
Reset It Periodically
Make sure to reset your password regularly, at least every 90 days. This way, if your password is ever compromised, changing it frequently reduces the time an attacker has to use your credentials.
Use a Password Manager
Contact Education Commons to request access to the University-approved password manager solution.
What Not To Do
Simple passwords like ‘password123’ or combinations of your birth date and dictionary words are easily guessable by attackers.
Using the same password across multiple accounts increases the risk of a breach, as a compromise of one account could lead to compromises of all accounts.
Storing passwords in insecure places, such as sticky notes, makes them easy targets for physical and digital theft. It’s similar to hiding your door keys under the doormat—it's one of the first places a bad actor would look.
As convenient as they are, if your device is compromised, all your stored passwords can be stolen by the attacker.
"Passwords are like toothbrushes"
Choose a good one, change them regularly, don’t share them, and keep them safe.