Good password management is pivotal in protecting your information. Passwords control access to your computer, e-mail account, and other sensitive information. Good password management also protects the information of others.
If your BSU account password were compromised, an attacker would be able to gain access not only to your computer and information but also to that of others, such as information stored on a shared (department) network drive or personal information others have sent to you via e-mail.
Passwords must be a minimum of eight (8) characters and must contain at least three (3) of the following four (4) character groups:
- English uppercase characters (A through Z)
- English lowercase characters (a through z)
- Numerals (0 through 9)
- Special characters (!, #, $, &)
Your password MUST NOT:
Choosing a Good Password
A good password is one that is difficult to guess, yet is easy to remember.
There are many different methods an attacker can use to guess passwords. To make a password difficult to guess, it must be long (8 or more characters) and seemingly random. A good password is a complex series of letters, numbers, and special characters that is easy to remember.
To create a good password, pick a long phrase that is easy to remember and take the first letter of each word in that phrase to form your password.
The first step in choosing a good password is to pick a phrase that you can remember. This example will use "I Pledge Allegiance to the Flag of the United States of America". To obtain the password, just take the first letter of each word and use the exclamation mark (!) for "I" and change the O to a zero (0). The new password is "!PAttF0tUS0a". Although this example uses the first letter of each word, you could also use the last letter or the first two letters.
Note: Do not use the example password given above. Knowing that you have read this document, an attacker may make a guess at your password using the example password.
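The composition rule stated earlier (eight characters minimum, three of the four character groups) and the note above can be expressed as a single check. This is an added example, not part of the original guidance or any BSU system; treating all ASCII punctuation as "special characters" is an assumption, and the sample inputs are constructed.

```python
import string

MIN_LENGTH = 8        # "Eight (8) characters minimum"
REQUIRED_GROUPS = 3   # at least 3 of the 4 character groups

# The four groups named on the page. Treating all ASCII punctuation as
# "special characters" is an assumption; the page lists only examples.
GROUPS = {
    "uppercase": set(string.ascii_uppercase),
    "lowercase": set(string.ascii_lowercase),
    "numeral": set(string.digits),
    "special": set(string.punctuation),
}

# Passwords printed in this document; the note says not to use them.
PUBLISHED_EXAMPLES = {"!PAttF0tUS0a", "TheSunRisesInTheEast@6AM", "!ctW@8e0tW"}


def groups_present(password):
    """Return the sorted names of the character groups found in password."""
    chars = set(password)
    return sorted(name for name, members in GROUPS.items() if chars & members)


def check_password(password):
    """Return a list of rule violations; an empty list means it passes."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    found = groups_present(password)
    if len(found) < REQUIRED_GROUPS:
        names = ", ".join(found) or "none"
        problems.append(f"only {len(found)} of 4 character groups: {names}")
    if password in PUBLISHED_EXAMPLES:
        problems.append("appears as an example in published guidance")
    return problems


if __name__ == "__main__":
    # Constructed sample inputs, plus one example string from the page.
    for candidate in ["sunrise", "sunriseeast", "Sunrise2east", "!PAttF0tUS0a"]:
        print(repr(candidate), check_password(candidate) or "passes")
```

The published-example check matters because a string can satisfy every composition rule and still be one of the first guesses an attacker tries.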
Store Passwords in a Safe Place
A good password is only as strong as how well it is kept secret.
A common mistake in password management is to write down a password on a sticky note and stick it to a computer monitor or under the keyboard or desk. The best place to store passwords is in your memory, and passwords should never be reused across multiple websites and applications. However, it is not uncommon for someone to have multiple accounts for different services on the Internet. There are applications that will help you manage your passwords if you have a difficult time remembering them, or if you have accounts on many websites. Two of these applications are KeePass
The best place to store passwords is in your memory.
Every copy made of your password, such as writing it down, storing it on a computer, or telling it to another individual, is another copy that needs to be kept safe. Keeping your password in memory means no copies exist that need to be protected.
Keep Passwords To Yourself
Giving out your password to any person creates a copy of your password that you will not be able to destroy. Even if you trust the person you give your password to, you take a big risk in giving out such information. You may take steps to keep your password secure, but the person you give your password to may not be as security conscious.
No one should ever have to ask you for your password.
Network administrators and other computer support personnel have ways of performing maintenance on your computer without the need of your password. If your computer is locked and needs to be unlocked to have repairs made, you, and not the support technician, should enter your password to unlock the computer.
If you should find yourself in a situation where you must provide your password, change it as soon as possible. This will limit the chances of someone gaining access to your information.
Change Your Passwords Often
Even with a mind towards security, your password can still be compromised. To help minimize the risk, passwords should be changed often: at least twice a year. Many brute-force password cracking methods can take months to crack your password. By changing your password often, your account is better protected. Should someone obtain your password, that information becomes useless the moment your password is changed.
Below are a few tips with regard to passwords and choosing a complex password:
- Choose a complex password. A complex password is one that is at least 8 characters long and has upper and lower case letters, numbers, and symbols (e.g. !, @, #, $, *, &, ^, %).
- Do not share your password with anyone. Do not send your passwords using email or Instant Messaging (IM).
- Change the default username and password for all accounts such as email, bank accounts, computers, etc.
- Change your password regularly and often.
- Use a passphrase! For example, your password could be: "TheSunRisesInTheEast@6AM". The longer the password, the harder it is to crack!
- You could pick a password from a sentence that you can remember. For example, "I come to work at 8 everyday of the week". This could be used to make your password "!ctW@8e0tW".
- Do not write your password on a sticky note.