Is your password the weak link?
University IT offers advice on the creation of strong passwords
4:34 p.m., Oct. 17, 2011--Q: What’s the most important thing you can do to protect the information you store on your computer or smartphone?
A: Use a strong password or passphrase!
Tea with the provost
Your passwords keep your personal information, including your UD records, protected. “Strong passwords protect you, your information, and information others have entrusted to you,” said Karl Hassler, associate director, IT Network and Systems Services. “Get lazy about your passwords, and you open up your information to the world.”
UD Information Technologies password advice
Don’t use “trivial” passwords: words, dates, or adjacent letters or numerals.
Security breaches in the U.S. over the past three years have confirmed how insecure most passwords are: “‘123456,’ ‘password,’ ‘qwerty,’ children’s names, and dictionary words are all popular choicesand all are trivial for hackers to crack,” Hassler said.
New UDelNet passwords and new passwords on most UD systems must not match dictionary words.
Use longer passwords and passphrases.
Given the power of today’s computers, a six-character password has become too easy for hackers to crack.
If you are still using an old six-character password, Hassler urges you to change it. “New UDelNet passwords must contain at least 8 and up to 30 characters.”
“There are common software tools that can crack a six-character password in seconds,” he said. “By contrast, if you use a good 12-character password, it could take decades for a hacker to crack your password.
“Want to be really safe? Use a password or passphrase that’s 12-30 characters long. Use a memorable phrase, song lyric, poemor even the first letter of each word in a phrase. Current hacker tools would take too long to crack your password,” he concluded.
Use a mixture of upper-case letters, lower-case letters, numerals and special characters.
Another good practice is to use different kinds of characters in a password. “Just adding a number to a word or a name does not make it harder to crack. But using a combination of mixed-case letters and some punctuation characters makes it much more difficult for hackers to get your password,” Hassler said.
He added that new passwords on UDelNet must use a mixture of upper- and lower-case letters, numerals and special characters.
Don’t reuse your UD password.
This spring, the website for a small company was breached; among the accounts hacked were those belonging to 290 U.S. government employees. “These 290 accounts at a handful of military bases and other government sites were stolen because the employees had used the same password at this private site that they had used on their work accounts,” Hassler said.
“Using the same password for official University business and personal web accounts is a risk because, if you log in to a compromised website, your password could be stolen and used to access your UD account and UD information.”
He concluded that because account names are often publicly available, using strong passwords and managing them wisely are essential to good security practices, “Not just at UD, but with all your email and Internet accounts.”
For more information
• Visit the IT Tech Fair on Wednesday, Oct. 19, from 11 a.m. to 2 p.m., in the Trabant University Center. At the Security station, IT staff will have information about password management, antivirus software and other security issues. Registration recommended.
• Visit IT’s Use secure passwords web page.
• October is National Cyber Security Awareness Month. Visit the staysafeonline.org website for more information about what you can do to protect your identity and your information.
• If you suspect your password has been compromised, contact the IT Support Center.