Password Recommendations

Issue/Question

  • What makes a good password?
  • What are the universities views on handling passwords?
  • How can I make a good password?

Environment

  • Oregon State University

Cause

The University's Acceptable Use Policy requires that we keep our passwords to ourselves. While it's good to keep a password secret, most of us need to remember 2 or 4 or even more passwords for our variety of accounts. If you're like many of us, you can't remember what you had for breakfast, let alone the password you just had to change for that account you almost never use.

General Do's and Dont's of the password world

Password Don'ts

  • Don't share your password with anyone.
  • Don't use a common word like a name, a pet's name, or a common word out of the dictionary.
  • Don't use a number, like your birthday.
  • Don't leave your password in a place where someone can find it.

Password Do's

  • Do have a long password (12 or more characters)
  • Do use special characters such as !@#$%^&*()_+/|\<>,
  • Do use different passwords for different accounts
  • Do change your password if you think there's a possibility that it has been compromised.

Password creation techniques

Option 1: Use a Passphrase

A passphrase is easy to remember as it is often made up of a series of words that are more easily recalled than a string of random numbers and letters.

One example of such a passphrase could be Bigfoot had tea with my mother. You can make your password even stronger by including purposeful misspellings, as well as special characters. For example BIGf0ot h@d tea weth me m()ther

A word of caution when making passphrases, DO NOT use your favorite line or quote from a book, TV show, movie, etc. Hackers are getting smarter and have started to come up with huge lists of popular quotes from books and media in order to hack into long passwords that happen to be exact quotes.

Option 2: Use a Random Password Generator

Using a random password generator makes a very strong password. However, these are usually hard to remember so you will have to write it down. This isn't inherently bad, but store it in a safe place (like a wallet or purse) and don't write down anything else on it to identify what account it is paired with. Do not keep the password on your desk. Finally, remember to make sure you create a new password for each site you use.

Option 3: Use a Password Manager

A Password Manager is essentially a site that you store all your passwords for different sites on. This could be dangerous if breached so you will want to be sure the site you are using is VERY secure. The benefit of using a Password Manager is that you only need to remember one strong password used to log in to the manager. Once logged in, you can set passwords of enormous length for all of your accounts and won't need to remember them or write them down because the password manager has them stored in the cloud. One password manager that is popular currently is LastPass. For more information follow this link https://www.lastpass.com/how-lastpass-works

Conclusion

We hope these techniques help. If you have any additional suggestions for making a strong passphrase or password, please contact your Community Network support team and we’ll be happy to pass those along.

For assistance, contact the Service Desk.

Details

Article ID: 82227
Created
Mon 7/1/19 4:32 PM
Modified
Thu 8/13/20 8:35 AM