10:14 a.m., Oct. 15, 2010----Most people log in to their computers, email accounts, UD applications (e.g., UDSIS), off-campus commercial, email and financial sites, smart phone apps, voice mail and other password-protected accounts.
Passwords keep your personal information, including your UD records, protected. “Your passwords are the equivalent of the key to the lock for your virtual life,” Scott Sweren, the University's information security officer, said.
He added that because account names are often publicly available, using strong passwords and managing them wisely are the most important ways you can protect your information and others' information entrusted to you.
“Never share your password or PIN with anyone,” said Sweren. “And if you think someone knows your password or PIN, change it.”
In addition to keeping your password private, you should also choose strong passwords.
Last year, security firm Imperva published a report on a security breach at the social gaming site rockyou.com.
Of the 32 million passwords exposed by the breach, Imperva reports that approximately 30 percent were six or fewer characters long, and about half were common words, names, slang or adjacent keys on the keyboard -- "trivial passwords,” according to Sweren. “The report concluded that the user passwords were so poor that an automated attack on the site could have harvested 1,000 accounts in only 17 minutes.”
The most common passwords at rockyou.com were similar to ones exposed in previous security breaches: “123456 was the most common password used by over 290,000 of their users,” Sweren said. Other common passwords included:
- Consecutive numbers: 12345, 123456789, 654321, 1234567
- Common words and phrases: Password, princess, Lovely, babygirl, iloveyou, monkey
- Names: Nicole, Daniel, Jessica, Michael, Ashley
- Trivial passwords: rockyou (the name of the site), Qwerty (adjacent keys), abc123.
“If your UDelNet or computer password is on this list, or is similar to one of these, stop reading this article and change your password immediately,” Sweren said.
At UD, you use three different kinds of passwords to access the systems you use for work, research, teaching or learning:
- Your UDelNet ID and password: Currently, UDelNet passwords must contain 6 to 8 characters using a mix of alphabetic, numeric and special characters.
- Your UD ID and PIN: Your PIN can be 4 to 10 digits (0-9).
- Your own computer password, and sometimes a local area network (LAN) password: Departmental system administrators can set more stringent password requirements.
According to Sweren, the University is in the process of upgrading UDelNet passwords to allow for longer passwords. “You can test your current passwords, or ones you're considering using, with our new password checker.”
He said that this tool will “help you see how strong a password or passphrase might be and what makes a password strong or weak.”
In addition to using a strong password, Sweren identified several other password guidelines:
- Never share your password or passphrase with anyone.
- If prompted by your web browser, never save an account's password in your browser.
- Change your password when you think it may have been compromised.
- Never send your password in email, even if the request looks official.
- Make your UD passwords and personal passwords different.
More detailed information about these guidelines and additional password information is available at the University's National Cyber Security Awareness Month website. If you have questions about password management, submit an IT Help Center request.
This is the third article in a series in observance of NCSAM.