¥

Effective Password Management

Passwords are key to accessing your personal information or using your credentials to enter a network. Creating a strong, complex password is an important step in protecting your data and securing any information you may have access to.

Below are some common risks associated with weak password practices and tips on how to reduce them.

Risks to Avoid

Password-based Attacks

Attackers can gain access to your account when you have a weak password by performing attacks like credential stuffing (attackers use breached accounts or password information to break into your account) or brute force/dictionary attacks (attackers use a database where they have popular or possible key combinations of passwords to break into your account).

Identity Theft

If an attacker gains control of your account, they could impersonate you and carry out fraudulent activities.

Data Breach

When one account is compromised, it can trigger a chain reaction that allows sensitive information you have access to be taken.

What To Do

Use Longer Passwords

Passwords should be at least 14 characters long.

Include a Mix of Uppercase and Lowercase Letters, Symbols, and Numbers

Complexity makes passwords harder to guess or crack.

Make It Random

Use mixed-case letters, numbers, and symbols, or a passphrase of 5-7 random words.

Make It Unique

Use unique passwords for each account to prevent a breach of one account from affecting others.

Use A Phrase

Use passwords that are hard to guess and easy to remember. For example, "May the force be with you” can be written as a phrase “M@yTh3F0rc3B3W!thY0u” which is a complex passphrase, incorporating special characters, lowercase, uppercase, and digits.

Reset It Periodically

Make sure to reset your password regularly, at least every 90 days. This way, if your password is ever compromised, changing it frequently reduces the time an attacker has to use your credentials.

Use a Password Manager

Contact Education Commons to request access to the University-approved password manager solution.

What Not To Do

Simple passwords like ‘password123’ or combinations of your birth date and dictionary words are easily guessable by attackers.

Using the same password across multiple accounts increases the risk of a breach, as a compromise of one account could lead to compromises of all accounts.

Storing passwords in insecure places, such as sticky notes, makes them easy targets for physical and digital theft. It’s similar to hiding your door keys under the doormat—it's one of the first places a bad actor would look.

As convenient as they are, if your device is compromised, all your stored passwords can be stolen by the attacker.

"Passwords are like toothbrushes"

Choose a good one, change them regularly, don’t share them, and keep them safe.