Passwords are the first line of defense in preventing unauthorized access to any computer. Regardless of the type of operating system, a password should be required to log in. Although a strong password will not prevent attackers from trying to gain access, it can slow them down and discourage them.
A strong password is one that is not easily guessed. Attackers may use automated methods that prey on common password paradigms. The first line of defense is choosing a password that avoids certain vulnerable characteristics.
The most common and easy to guess password is simply “password.” Any clues to your password that can be found on social media (such as birthday, pet names, children’s birthday, hometown, etc.) are vulnerable and should be avoided. A string of consecutive numbers or letters is also easily deciphered. Additionally, common substitutions of numbers for letters (ex., jumb0, f1avor, 5mile) are too easily guessed.
The most secure passwords are those that are seemingly “random.” Passphrases are particularly easy for a user but unintelligible to others. For example, the phrase “To infinity and beyond” could be written as “2_I_and_B.” The passphrase is both simple for a user to remember, and it incorporates all the aspects of a strong password.
Below are some "do's" and "do not's" about creating and protecting passwords:
- Do Not:
- Use words found in the dictionary, even if they are slightly altered (for example, by replacing a letter with a number).
- Use personal information such as birth date, names of self, family, pets, or social security number. (Rule of thumb: If a piece of information is on a social networking site, it should never be used in a password.)
- Use the same password for every login. Once someone has access to one account, they will have access to them all.
- Do:
- Use at least eight characters in your password.
- Include a combination of upper case and lower case letters, one number, and at least one special character such as a punctuation mark.
- Use an abbreviated passphrase that is familiar to you.
- Change your password frequently.
Have questions? We're here to help!
If you have questions about cybersecurity, or if you want to learn more about how to stay safe online, contact the Information Security Office (ISO) at: infosec@miami.edu
