Password Tips

10 Tips for More Secure Passwords

  1. Use 10 or more characters. The longer the password is, the longer it takes to guess.
  2. Include capital letters, lowercase letters, numbers, and symbols. A complex password is more difficult to guess than a password containing all numbers or letters.
  3. Use a password phrase. Think in terms of multiple words, not a single word. A single word is easy to hack, even if you add a few numbers or special characters.
  4. Use mnemonics to help you remember your passwords. There are many tricks for making a memorable password, so find one that works for you. See examples below.
  5. Use different passwords for each application or website. This protects you if a website or application is ever compromised. Criminals will try stolen passwords from one web site on other web sites. See below for tips on remembering multiple passwords.
  6. Keep it secret. Never share your password with anyone, not even your best friend or administrative assistant. If someone needs access to information, go through proper channels.
  7. Never store passwords in an unlocked drawer. A note under your keyboard or in an unlocked desk drawer can be stolen. If you must write down your passwords, keep the paper locked in a drawer or cabinet that only you have access to.
  8. Never store passwords in an unencrypted file. Notes on your iPhone, a document on your Google drive, or a text file on your computer can all be stolen. Use a password manager, such as LastPass, to encrypt and store passwords.
  9. Beware of phishing scams. Don't click links in unsolicited emails. Always type addresses directly into your browser or use a bookmark to get the login page for a web site. FHSU will never email you asking for your password.
  10. Change your password periodically and whenever you suspect it has been compromised. Change your password immediately if your friends complain about getting spam from your email or social media account, if you accidentally click on a suspicious link, or if you hear a company has been hacked. Then change the password on every other web site or application that uses the compromised password (and don't set them all the same this time!). Change all of your passwords at least once a year, just in case they were compromised without your knowledge.

There are many methods of creating a strong, memorable password, and just a few are listed here. Find a scheme that works best for you.

Method 1: Turn a sentence into a password

This is as simple as thinking of a sentence, then using the first letter of each word for your password. Add in some punctuation and capitalization, and you'll have a strong password. You can learn this method by watching this video from Sophos.

It's best to avoid song lyrics, movie quotes, or other sentences pulled directly from pop culture. Someone else could have come up with the same sentence (and therefore the same password), so the password could already be compromised. One trick is to use a sentence about yourself, like the examples below.

Examples:

When I was 5, we drove to Texas. = WIw5,wdtTX.

Sarah and Tiffany were my best friends in first grade. = S&Twmbfi1g.

Method 2: Visualize It

Researchers at Carnegie Mellon University have suggested using the Person-Action-Object (PAO) system to generate a visual story. To use this method, think of an interesting place, a familiar or famous person, and a random action. Put these elements together into a sentence that you can visualize, and use that mental image to generate your password. A ridiculous or silly mental image may be easier to remember.

Example:

Victor E. Tiger riding a bike on the moon! = VETrabotm!

Method 3: Create your own password formula

If you want to take the first two methods a bit further, create your own set of rules for turning a sentence into a password. This can also help you remember different passwords for each site because you can apply the same rules to a different sentence for each site.

1. Start with a sentence. See "Method 1" above for some ways to

2. Make rules about whether to use full words or just the first letter, which letters to substitute, and which letters to capitalize. Store your rules in a locked drawer or encrypted file, and be consistent with every password you make.

- Use a different starting sentence for each account, but apply the same rules. You can store the sentences in a locked drawer or encrypted file, as long as you don't store your rules in the same location. For example, you could keep the sentences in an encrypted file and the rules in a locked safe at your house.

- When it's time to change your password, choose a new sentence and apply the same rules. Or, keep the same sentences and apply a new rule.

Examples:

Rules: first letter of each word, spell out and capitalize second word, substitute - for 1st vowel and 3 for 3rd vowel

The window is blue. = tW-ndow3b

Rules: first letter of each word, + for 1st vowel, capitalize 3rd word, 5 for 5th word

When I was 5, we drove to Texas. = w+Wf5dtt

Method 4: Use a Mnemonic to Memorize a Generated Password

Were you taught a phrase such as "My very educated mother just served us nachos" to remember the order of the planets? You can use the same technique to remember a random password. Many password managers include a random password generator, or you can use this online random password generator.

Examples:

92LcHjpPed (92 LLAMAS can HAVE jalapeno potatoes PRACTICALLY every day)

Method 5: Diceware

This method is a bit more complicated, but it really does work and can result in longer passwords than the methods listed above. Passphrases that contain real words are supposed to be easier to remember, as illustrated in this xkcd comic. The real trick to using this method is choosing random words, not a song lyric, movie quote, or any phrase that is grammatically correct. Password crackers check for millions of word combinations, so a phrase like "twinkle twinkle little star" or "I love my brown dog" is readily hackable. To use the Diceware Method, download a numbered list of random words, roll 5 six-sided dice, and choose the word that corresponds with the number rolled. Even if a hacker has the word list, it would still take years to crack a password containing 6 words. You may need to add a special character or capital letter to meet password complexity requirements.

Examples:

cover elite fabric sags detox knew1

mire silks stalk beau cult Glean

More information:

The Diceware Passphrase Home Page, created and maintained by the creator of Diceware

Passphrase Generator that uses Diceware
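
The dice-and-word-list procedure from Method 5, as an added example that is not part of the original page: it draws the five dice from the operating system's random source and computes how large the search space is when the attacker already has the word list. The placeholder word list and the guess rate passed to `average_years_to_guess` are constructed assumptions; a real list is downloaded as described above.

```python
import itertools
import math
import secrets

DICE_PER_WORD = 5                     # five six-sided dice select one word
LIST_SIZE = 6 ** DICE_PER_WORD        # 7776 possible dice outcomes


def parse_wordlist(text):
    """Parse 'NNNNN<whitespace>word' lines into {dice_key: word}."""
    words = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 2 or len(parts[0]) != DICE_PER_WORD:
            continue                  # skip headers, blanks, malformed lines
        if set(parts[0]) <= set("123456"):
            words[parts[0]] = parts[1]
    return words


def constructed_wordlist():
    """Constructed stand-in list: one placeholder 'word' per dice outcome."""
    keys = ("".join(k) for k in itertools.product("123456", repeat=DICE_PER_WORD))
    return "\n".join(f"{k}\tword{k}" for k in keys)


def roll_key():
    """Simulate five dice with the OS CSPRNG, not the 'random' module."""
    return "".join(str(secrets.randbelow(6) + 1) for _ in range(DICE_PER_WORD))


def passphrase(words, count=6):
    """Pick `count` independent words; refuse an incomplete list."""
    if len(words) != LIST_SIZE:
        raise ValueError("word list must cover all 7776 dice outcomes")
    return " ".join(words[roll_key()] for _ in range(count))


def entropy_bits(count, list_size=LIST_SIZE):
    """Entropy in bits when the attacker knows the list and the word count."""
    return count * math.log2(list_size)


def average_years_to_guess(bits, guesses_per_second):
    """Expected time to search half the space at an assumed guess rate."""
    return (2 ** bits / 2) / guesses_per_second / (365.25 * 24 * 3600)


if __name__ == "__main__":
    wl = parse_wordlist(constructed_wordlist())
    print(passphrase(wl))
    print(round(entropy_bits(6), 1), "bits for 6 words")
    print(round(average_years_to_guess(entropy_bits(6), 1e12)), "years (assumed rate)")
```

The strength comes only from the words being chosen at random: a phrase you pick yourself does not have the entropy this calculation reports.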

 

Once you know how to create a strong, memorable password, it's time to graduate to the next level: Using a unique password for each web site or system. It may seem impossible to remember dozens of passwords, but it can be done! And no, you shouldn't just write them on a sticky note tucked under your keyboard!

Method 1: Use a Base Password

Make a strong base password, then add a custom element for each place you use it. This is less secure than a completely distinct password for each account because the base password could be compromised and used to guess other passwords. However, it's still better than using the same password in multiple places.

Base password = fairy_lemon_star_silky

Password for Amazon = fairy_lemon_star_silky4AmZ

Password for Bank of America = fairy_lemon_star_silky4BankoA

 

Method 2: Write it Down (In a Smart Way!)

 

Best method: Use a password manager, such as LastPass or KeePass, to store your passwords in an encrypted file. Make sure your master password is as long as you can possibly remember (try for 15 characters), and do some research before choosing a password manager.

Less secure, but still okay: Keep a list of passwords in a locked safe that only you have the key to. For extra security, keep a list of usernames in a separate, secure location.

DON'T: Keep passwords on your monitor, under your keyboard, in an unlocked desk drawer, or in any other location that another human has access to.

DON'T: Keep passwords in an unencrypted file on your phone, desktop or laptop computer, network drive (H: drive), Google Drive, OneDrive, or anywhere else.

Method 3: Create your own password formula

Follow Method 3 under the Password Schemes section, then use different sentences for each account. Memorize your formula, store the sentences in a locked drawer or encrypted file, and you'll be able to piece your password back together if needed.

 

 
