Share:
Sep 03, 2015

Strong passwords = good security

by Cathy McVey, information technology services

passwordThe 180 days have passed, and your computer is nagging you to change your password – again.

You roll your eyes and dive in to the task of coming up with another set of characters that meet Miami’s requirements but that you can remember, too.

Why is this so important?

That set of characters stands between all of your online information and the “bad guys” who spend their days trying to get to that information.

Right now Miami requires that you change your password every 180 or 365 days, depending on how complex a password you choose. All passwords must have eight characters that include both uppercase and lowercase letters and at least one number. To qualify for the 365 day reset, the password must have 10 characters and add at least one special character (for example: <, ?, +, %) to the basic requirements.

Those are the basic requirements. What else do you need to know to choose a safe, strong password? We have all seen how people sending phishing email messages are getting smarter and smarter in how they design their messages. The same is true of password crackers. Their skills in “breaking” a password have developed, changing what constitutes “strong.” For example, experts used to advise substituting special characters or numbers for letters – like $ for s or 3 for e. Newer cracking techniques can recognize these substitutions – rendering them useless.

So, how does a person choose a good password? The “do” list is short these days and the “don’t” list grows constantly.

When setting a password, DO:

  • Consider using a password manager like Last Pass or Dashlane.
  • Make sure (if you don’t use a password manager) that your password is memorable.
  • Stay on top of the changing “Don’t List” for strong passwords by Googling “setting a strong password” or go to MiamiOH.edu/IT and search “password.”

 When setting a password, DON’T:

  • Use any word found in any dictionary.
  • Just add a number before or after a word (jeep4, 32zebra).
  • Simply double a word (catcat), spell a word backwards (tac) or add an “s” (cats).
  • Substitute common numbers/symbols for letters, 3 for E, 0 or O, etc.
  • Use common numeric or letter sequences (QWERTY, 911).
  • Use personal identifiers like your name, birthday, anniversary, SSN, pet names, phone number.
  • Just remove vowels and/or spaces from a phrase.
  • Use popular culture references like names of books, characters, bands, sports team names, etc.
  • Use the word “password.” Surprised this is on the “Don’t List”? Check this list of the Top 25 Passwords of 2014.

 And, once you set your password, remember:

  • Never use the same password for more than one site or account.
  • Never share your password.
  • Don’t use “Remember Me” on public or shared computers.

 The password(s) you choose determine how safe the online information you manage remains.