In light of the IT Communications email about the new system password policy that came out October 7th, CTLE has prepared a blog post on Password Security.
Never has it been more challenging to keep your information safe and secure. If you utilize ANY online resource, whether it’s your institutions learning management system, Facebook, online banking or just shopping, making sure you have a strong password is the first step.
We all want to make our password easy to remember so we’ll use things like our birthdays, maiden names, our kids or pets names. But our use of social media makes most of that information easily discovered by perusing your public profiles and pictures. It’s just too easy for that type of information to get into the wrong hands.
So we need to generate a strong password: not just making sure you have a capital letter and number, but creating a passphrase with a minimum of 10-16 characters, at least one capital letter, a special character and a some numbers, and not in that particular order.
Strong password examples can be:
- Constructing a unique sentence: IloveGlendaleGauchos15
- Replacing letters with a common numbers or characters: 1P@ssW0rdtoRule!
- A securely generated password (most secure): S7ajag3thuFrESW
Check your current password strength here: https://howsecureismypassword.net/
- Use a unique password for every account or log in
- Use a minimum of 10 characters
- Use a combination of capital and lowercase letters, numbers and special characters
- Use two factor authentication or a different recovery email account
- Change your passwords every 90-120 days
- Don’t store passwords on sticky notes or under keyboards
- Don’t make every password the same; if one account gets hacked all accounts are vulnerable
- Do not give out or share your passwords; family members and coworkers should have their own account
- Don’t use pet & family names, birthdays or anniversaries
- Don’t use the web browser to store passwords; if you do make sure your computer login password is secure
You might be thinking “How the heck do I remember all these unique crazy passwords! I want to make my passwords all the same for every site…”
Making your passwords the same for every account you own can be extremely risky. If one account gets hacked, all of your accounts are potentially vulnerable.
Web Browser Password Manager; Chrome, Firefox and Internet Explorer
Most web browsers have a built in password manager utility, you know that little pop up that says “Would you like Chrome to remember your password?”. Unfortunately they’re not always encrypted or secure and unless your computer is password protected, web browser passwords are easily obtained. Make sure your phone and computer have strong login passwords or passcodes.
Password Managers; Cloud based managers & USB password keys
There are many password managers available. Password managers can be locally installed or cloud/web based, and you can even store all your passwords on an encrypted USB key. Just remember, password managers are only as good as your master account password and there are risks in any products we choose to use. Always do a little research, read some user reviews and look at the company history; how long have they been in business, have they had recent security issues.