Password Security

Your password should be long and complex so it is hard for an attacker to crack.

Benefits of Using Strong Passwords

  • A strong password is the first line of defense against attackers who want access to our institutional data and personal online accounts.
  • Weak passwords can be cracked very quickly with the programs and computing power available to attackers today.
  • The stronger your password is, the more difficult it is for an attacker to guess, period.

Strong Passwords

Use these guidelines to create a strong password:

  • Use a minimum of 8 to 15 characters
  • Use both upper and lower case letters (A-Z) and (a-z)
  • Include symbols or special characters: ( ~ ! @ # $ % * – + = < > ? [ ] { } )
  • Include at least one number (0-9)
  • Don’t use real words, names or anything that would be relatively easy for a password cracking program to guess

Passwords must not consist of:

  • Words from the dictionary, in any language
  • Personal information like birthdays, nicknames, phone numbers, or pet names
  • Your username, even as only part of the password
  • Names of companies, schools, or civic organizations
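
The guidelines above written as a checker (an added example, not part of the original page). The function name, the small word list and the sample account names are constructed for illustration; the 8-character floor is the low end of the page's 8 to 15 range, and an ASCII hyphen stands in for the dash in the symbol list.

```python
import re

# Symbols listed in the guideline above (ASCII hyphen stands in for the dash).
SYMBOLS = set("~!@#$%*-+=<>?[]{}")
MIN_LENGTH = 8  # assumption: low end of the page's "8 to 15 characters"

# Constructed sample word list; a real deployment would load a large
# multi-language dictionary plus names of local companies and schools.
SAMPLE_WORDS = {"password", "dragon", "summer", "college", "welcome"}


def check_password(password, username, words=SAMPLE_WORDS):
    """Return a list of guideline violations; an empty list means it passes."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("too short")
    if not re.search(r"[a-z]", password) or not re.search(r"[A-Z]", password):
        problems.append("needs upper and lower case")
    if not any(ch in SYMBOLS for ch in password):
        problems.append("needs a symbol")
    if not re.search(r"[0-9]", password):
        problems.append("needs a number")

    lowered = password.lower()
    if username and username.lower() in lowered:
        problems.append("contains username")

    # Strip non-letters so "Summer2024!" is still matched as "summer";
    # also test the reversed string, since cracking tools try reversed words.
    letters = re.sub(r"[^a-z]", "", lowered)
    for word in words:
        if word in letters or word in letters[::-1]:
            problems.append("contains dictionary word")
            break
    return problems
```
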

Strong passwords can be difficult to remember. One method for creating a strong password that is easy to remember is to use a phrase that is meaningful to you but not known by others, use the first letter of each word in the phrase, and add other special characters, numbers, etc.

For example: 2 years that will change your life! — becomes the password — 2ytwCyl!

Password Strength Test – How strong is your password? Check the strength of your password with the Password Checker.

How Passwords are Stolen or Compromised

  • Guessing – there are programs that will automatically guess passwords and incorporate personal information found online such as birthdays, pet names, license numbers, and home addresses, to name just a few.
  • Dictionary-based attacks – programs and software that run every word in a dictionary against a username to find a match. These programs have all words in all languages and can even search for words spelled in reverse.
  • Brute Force attacks – the attacking program attempts every conceivable combination of keystrokes in combination with a username. These attacks are often very successful.
  • Phishing – Phishing scams attempt to convince the user to respond to a call to action, such as providing your username and/or password. These messages are usually sent via fraudulent email, instant message, or phone call, and appear to be legitimate business communications, or to come from someone you know such as a friend, family member, or business associate. These messages are designed to get you to click on a link or open an attachment that will contain malware to infect your computer, or will take you to a phony website to try to steal your personal information.
  • Shoulder surfing – someone lurks nearby and steals a password as it is entered into a device, simply by looking over the person's shoulder. This frequently occurs in public places where Wi-Fi is in use, such as airports and eateries, but also occurs in office or computer lab settings.

Neither the GPC Service Desk nor any other department of the college will ask you for your username and/or password information.

Safeguarding Your Password

Follow these tips to protect your passwords:

  • Always strive to use different passwords for access to different user accounts and applications. This way, if someone gets ahold of your password to one account, the rest of your accounts won’t be at risk of compromise as well.
  • Change your passwords at regular intervals, at least every 180 days (6 months).
  • Never share your passwords with anyone, including co-workers and your boss.
  • Don’t ever transmit a password electronically in email or otherwise unless it is encrypted.
  • Memorize your passwords, and never write them down and store them around your work area.
  • Don’t use the password save functions offered by applications, websites, and browsers.
  • Never walk away from a computer without first logging off or locking the computer.

Always change your password immediately after these kinds of events:

  • An unauthorized password discovery or usage by another person.
  • A system compromise or unauthorized access to a system or account.
  • Your account info has been exposed in a hacking event or system breach.
  • Accidental disclosure of a password to an unauthorized person.
  • Logging into a new account with a temporary or default password.

Password Managers

Password managers can securely store your passwords, and can remember and enter usernames and passwords for all the different accounts and applications you may be using for work, banking, shopping, etc. Most of these programs offer free versions and can create really strong, random passwords. All you need to remember is the one password to the password manager. If you go this route, make sure your password for the manager is extremely strong, because it is truly the “keys to the kingdom” if an attacker gains access to your password manager vault.

Examples of popular password managers:

  • LastPass
  • RoboForm
  • Kaspersky Password Manager
  • DataVault Password Manager (iPhone)
  • mSecure Password Manager (Android)