Overview/Introduction
The paramount importance of using a robust password cannot be stressed enough. Your password acts as the linchpin of your digital identity, serving a role akin to a virtual key.
Unauthorized access to a password-protected system often occurs through the act of password guessing. This may happen when someone discovers a written copy of the password near the computer or observes it being entered. Additionally, advanced software programs excel at rapidly deciphering common passwords. It is crucial for individuals to exercise heightened vigilance and a strong sense of responsibility in safeguarding their access credentials and overall digital security.
The following guidelines will safeguard against someone finding out your password and gaining unauthorized access to your account.
Details
- Transform your password into a passphrase for enhanced security. The longer a password, the more resilient it becomes against guessing or brute force attacks. A passphrase, which consists of a phrase or sentence instead of a single word or set of characters, is recommended. Passwords or passphrases should ideally be a minimum of 12 characters, but it is acceptable to aim for more than 12 characters if desired.
- Prioritize unique passwords. For each online service you use, choose unique passwords to mitigate security risks.
- Steer clear of using publicly available information. Do NOT use personal information from social media in your passwords. Avoid incorporating easily discoverable personal details such as your name, phone number, date of birth, or address.
- Avoid common words that offer minimal security. Words such as "password," "letmein," or easily repeatable key sequences like "qwerty123" or "asdf1234."
- Cultivate the habit of periodically changing or rotating your passwords, ideally every 6-12 months, to fortify your overall digital security.
If you are looking for instructions on how to change your password, please visit this resource.
What is a Passphrase?
Ursinus College Information Technology advises that you use a passphrase rather than a password for your UC accounts. A passphrase is simply a phrase or sentence that you use, instead of a single word or set of characters.
If there is no limit on password length, use a passphrase, e.g. "Africa is beautiful during the cold time of year." However, if you have to pick a smaller password, just use the first letter of each word and swap some of the letters for numbers: "Afr1bDTct0FY”.
Here are three simple ways to construct a secure, easy to remember passphrase:
1. Create a passphrase by taking a short phrase and:
- Change the capitalization of some of the letters
- Replace some of the letters with numerical and symbolic substitutions ($ for S, 8 for B)
- Misspell or abbreviate some words (e.g., the phrase “Having Money is great for fun” becomes “Have$isgr84F0n”.)
2. Choose several shorter words and add some numbers in the center, then change the capitalization and substitute symbols for letters. For example, the phrase “rooks 582 Mountain” becomes “r00K$582M0un+4!n”.
3. Choose a memorable quote or phrase and use only the first letter from each word. Vary the capitalization. Also include numbers and symbols, either as substitutions for letters or as a replacement for a full word. For example, Albert Einstein's quote “Two things are infinite: the universe and human stupidity; and I'm not sure about the universe." becomes “2TrI:tU&h$;&Ins@tU”.
Complexity requirements are enforced when passwords are changed or created. Please visit our article on Password Complexity to get a deeper understanding of the requirements.
Video on Strong and Longer Passwords
Summary
| DO |
- Use a different password for each service you use (i.e. Ursinus Accounts, Gmail, Dropbox, iCloud, etc.).
- Use a passphrase where you can, because length is more secure than complexity.
- Utilize capitalization and symbolic substitutions where possible.
- Misspell or Abbreviate words.
- Use more than 4 numbers in a pin number or passcode.
- If you choose a memorable phrase (two or more words) shorten it to make it useful if it's too long for a given system.
- Change your password periodically (annually would be a good start), or if you think it has been compromised.
|
| DON'T |
- Use simple or dictionary words (e.g. Password123, Townsville123).
- Choose passwords with fewer than 12 characters.
- Choose words or phrases that do not mix upper and lower case, or do not mix letters or numbers, or do not mix letters and punctuation.
- Write your password on a post-it note and stick it to your monitor.
- Use easily guessable words (e.g. phone numbers, address, email, date of birth, name in any form, ID numbers, login name, all numbers, all letters, friend, relative, pet, etc.)
- Choose single English or foreign words or a single word followed by numbers.
- Tell anyone your password – this includes all Ursinus College employees.
|
Passwords stand as our initial defense against unauthorized access to online information. If your Ursinus College password is breached, a malicious actor might gain entry to services lacking multifactor authentication (Okta). Opt for a longer and more secure password, considering the use of a passphrase for added strength and uniqueness.
FAQ's