Passwords

Passwords have become such a common aspect of our personal and professional lives that we may often take for granted the importance of ensuring that our passwords are strong and well protected. Just as your house key provides access to your home and everything within it, your passwords open up your critical accounts (email, banking, etc.) and electronic devices to anyone who has or can guess these secret codes.

While the instruction to "use strong passwords" may sound simple enough, the reality of creating and remembering strong, unique passwords for all of your accounts and devices can be a challenge. As humans, we are limited in the number of passwords that we can accurately remember on a regular basis, and many of the common requirements for complex passwords do not lend themselves to being easily remembered.

The first step to improving the strength and memorability of your passwords is to make use of a passphrase - a series of words that make up a phrase or sentence. The strength of a passphrase relies more on its length (more characters = stronger passphrase) than on the random inclusion of numbers and/or special characters. A well-crafted passphrase should prove more difficult for cyber criminals to crack with "brute force" software and provide the additional advantage of being easier for you to remember.

Once you become comfortable creating passphrases, you can make them more secure by including a variety of character types and replacing letters with numbers or symbols. Here is an example of how you can manipulate a passphrase by replacing letters:

Original: WhyIsTheCoffeeGone?
Updated: Why!sTheCoff3eGone?

For additional advice on the careful use and management of your passwords/passphrases, see the suggested strategies below.

ITS recommends:

  1. Avoid creating weak passwords and/or reusing passwords across different accounts. Instead, use a password manager, which is a program (protected by a master password) that securely stores all of your passwords. Many password managers include other helpful features, such as a password generator and an auto-fill option, which can eliminate the need to type in your randomly generated passwords.

  2. When available, use two-factor authentication (2FA), also known as multi-factor authentication (MFA). Two-factor authentication provides a secondary means of protecting your account beyond your password and often comes in the form of a code sent to your phone or tablet. If your password is ever compromised, having 2FA enabled can prevent someone else from accessing your account, even if they know the correct password.

    2FA

  3. Never share your passwords with anyone (supervisors, co-workers, ITS staff, friends, etc.). If you have shared or currently share your password with colleagues in order to work together on a document or project, please know that there are collaboration tools available, such as SharePoint, that allow you to work together on a project without needing to share account credentials. Contact ITS for assistance in identifying a collaboration tool that would best suit your needs.