Can’t Crack My Password!

Can’t Crack My Password!

Don't steal my Password!

My password is secure.  Only my closest friends have it and no one else knows my dog’s name (its Snoopy, he’s a Beagle)!

Passwords though sometimes inconvenient are absolutely the best way to protect your computing experience in everything you do.  From logging into your computer at work, or in a lab, to purchasing items online, checking your Facebook and Twitter accounts, banking online, your email, everything!  Yet, we as a society still want it to be easy to remember and aren’t as concerned about not giving it out.

There are phishing attempts sent to you inbox daily, and they typically say you are going to lose something like your email, or your account access, if you don’t click the magic link and tell them what your password is.  No company, institution, agency, association, school, etc. will ever ask you for your password.  Ever!  That is yours and they know it is yours and yours alone.  They may verify your information another way and reset your password, but by no means will they ever ask you to give it to them online or through an email.  Keep this in mind when you receive email saying you are going to lose something, unless….sent by the IT Help People, they do not do this…delete!  It’s SPAM. It’s Phishing…it’s trying to get your account.

On a deeper level, especially at the University of Wyoming, if someone gets your password, they like to login to our network and find accounts to SPAM or Phish at based on your password.  They login from China, Taiwan, New Mexico, the works, and actively intrude on the UW network.  The UWIT Security team sees this traffic and they shut down your account.  You now cannot access anything at UW including your email and have no idea why, well, turns out wasn’t hard to guess your Dog’s name was snoopy, since your Facebook profile has several pictures of a Beagle.  This has become a big enough issue for the integrity and security of the UW network that password requirements will become the norm.  That’s why the UWIT help desk is here to help.

The easiest way to protect yourself from the scenario above is to be smart about your password.  Look, we all like to have a nice easy password to remember, and make out lives easier since we are constantly logging into something.  There are some basic requirements for a strong password.  Here are the main goals you want to achieve:

  1. Make your password 8 characters or larger and try to stay less than 20.
    1. Instead of Snoopy, lets go mydogsnoopy.
    2. Your password needs to contain some symbols and numbers, not just alphabetic letters.
      1. Use these 1 2 3 4 5 6 7 8 9 0 – _ + ~ ! % ^ * ] [ | ?
      2. Instead of mydogsnoopy, try m!dogsn00py
      3. You can change of the alpha characters from lower case to upper case to make the password even stronger, but again try and keep it easy to remember.  Usually the start of one o the words make this easier to remember.
        1. M!DogSn00py
        2. m!Dogsn00py
        3. m!dogSn00py
        4. If possible it is beneficial to keep your special characters from the start and end of your password.  Some software applications use special characters in their code and will drop those characters from your password when you login which keeps you from getting in.  Some of the characters, some applications use that should not be in passwords are below.
          1. \ $ @ { } : = & “ ) ( , < > ;
          2. Now every time you change your password, you should make it something different than used in the past.  Believe it or not this sometimes actually gets easier the more complicated your password is.  Passwords will be stored as a history and when you change it cannot be like your previous password.  So, if your previous password was complex, you can still change it to something familiar without being flagged as similar.
            1. Sn0opyD0Gm!ne
            2. Sn009D0gg!d0g

Your password should not be given to anyone.  Ever!  Keep it, it’s yours and do not give away your online access to anyone.  If you want multiple passwords for multiple systems try and keep them similar so you always can choose between 2 or 3 passwords that you consistently use.  And do not respond to emails saying you need to authorize your account, or update your account, especially by giving them your password.

Brett Williams, Help Desk Manager From Laramie, WY

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s