University at Albany ITS
Information Security
 

Defenses: Best Practices

Good (Strong) Passwords

Passwords are the most common form of authentication in use, so a password is all that stands between a cyber criminal and your personal data. It makes good sense to use the strongest password you can think of (and remember) to protect your information.

All computers that wish to connect to the University network must comply with the Network Standards, one of which requires using complex passwords. But what is a complex password? And how do you create one that is difficult for hackers to crack, but easy to remember?

Creating a Complex Password:
The rule for creating a strong, complex password is to mix it up. Use a combination of numerals, letters (in both cases), and special (punctuation) characters. The longer the better. The key to remembering this jumble is to start with a meaningful word or phrase and make substitutions. For example, let's say your password is: Marathon. Using our rules, this could become: m@raTh0n.

Creating Passphrases: Length Beats Complexity
Even better than passwords, passphrases are just what the name suggests: alongstringofwords. It would take more than 34,000,000 days to break this passphrase. At just 18 characters, it is, for all practical purposes, uncrackable. In fact, a 15-character passphrase would take almost 2000 days to crack. Remember, longer is better.

Dumb Passwords
Passwords that use dictionary words or names can be cracked in a matter of minutes, in some cases seconds, by password cracking software. Extensions such as adding a special character or number to the end of a dictionary word are also easily guessable, e.g., William1*. In short, passwords that employ names or dictionary words are useless.
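The two points above (length beats complexity, and dictionary words with an appended extension are weak) can be checked with a short script; this is an added example, not part of the original page. The 26-letter lowercase alphabet and the rate of 10**13 guesses per second are assumptions, chosen because they reproduce the page's figures for 15 and 18 characters, and the wordlist is a constructed sample.

```python
import string

# Assumptions (not from the page): a lowercase-only alphabet and an attacker
# testing 10**13 guesses per second. These reproduce the page's figures.
ALPHABET_SIZE = 26
GUESSES_PER_SECOND = 10**13

# Constructed sample wordlist; a real check would load a full dictionary
# and a list of common names.
SAMPLE_WORDS = {"william", "marathon", "password", "albany"}


def exhaustive_search_days(length, alphabet_size=ALPHABET_SIZE,
                           rate=GUESSES_PER_SECOND):
    """Days needed to try every string of `length` over the alphabet."""
    return alphabet_size ** length / rate / 86400


def strip_extension(password):
    """Remove trailing digits and punctuation, e.g. 'William1*' -> 'William'."""
    return password.rstrip(string.digits + string.punctuation)


def is_dictionary_based(password, words=SAMPLE_WORDS):
    """True if the password is a listed word or name, bare or with an
    appended number/special-character extension."""
    return strip_extension(password).lower() in words


def review(password):
    """Return a short verdict string for a candidate password."""
    if is_dictionary_based(password):
        return "reject: dictionary word or name"
    # Lowercase-only estimate: a lower bound if other character classes appear.
    days = exhaustive_search_days(len(password))
    return f"ok: about {days:,.0f} days of exhaustive search at the assumed rate"


if __name__ == "__main__":
    for candidate in ["William1*", "william", "alongstringofwords"]:
        print(f"{candidate!r}: {review(candidate)}")
    print(f"15 characters: {exhaustive_search_days(15):,.0f} days")
    print(f"18 characters: {exhaustive_search_days(18):,.0f} days")
```

Each added character multiplies the search time by the alphabet size, which is why the 18-character figure is 26**3 times the 15-character one.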

Keeping your Password Secure:
After going through all the trouble of creating a strong password, it's just as important to keep it confidential. Don't share passwords; don't write them down. As tempting as it is, even if offered a chocolate bar, DO NOT GIVE OUT YOUR PASSWORD! It would be a shame to compromise your perfectly balanced (complexity vs. ease of remembering) and secure password by giving it away.

Lastly, if you give out your password, or think it has been compromised, you should change it immediately and notify your account manager.

Protecting the Administrator Account:
You should always have a complex password on the Administrator (or root) account of your computer.

-- Setting up/changing a password in Windows XP:

  1. Go to START > CONTROL PANEL > USER ACCOUNTS
  2. Click the icon of the account you want to put a password on.
  3. Click "Create a New Password"
  4. Enter the password (remember to make it complex and secure)
  5. Next, you can type a password hint (not recommended).
  6. Lastly, click "Create Password", and you are done!


-- Creating a new user in Windows XP:

  1. Go to START > CONTROL PANEL > USER ACCOUNTS
  2. Click on "Create a New Account"
  3. Type the name of the new account.
  4. Pick the permission level for the new account ("limited" is recommended).
  5. Finally, click "Create Account" (You should then put a password on it).
