Image: Threats and Attacks Against Your Network, Aries Institute of Technology
Yesterday’s Tip #15 mapped out the perils of sharing your password and why it’s important to have a robust and different password for each of your accounts. Today, we offer some tips for creating a strong, secure password.
- Don’t use one password across multiple accounts. It’s possible that an employee at a site where you use that password could share it or use it to break into your accounts at other sites.
- Create passwords that are at least 8 characters long. The longer the better; lengthier passwords are harder for thieves to crack.
- Avoid using simple dictionary words. If it’s in the dictionary, someone might guess your password. There’s even software that criminals use to test for real words used in passwords.
- Infuse numbers, capital letters and symbols into your password. Consider using a $ instead of an S or a 1 instead of an L, or including an & or %. Note that “$1ngle” is NOT a good password. Password thieves are onto this. But something like “Mf$1avng” (short for “My friend Sam is a very nice guy”) is an excellent password.
- Don’t post your password out in the open. This might seem fairly obvious, but studies show that many people post their password on their monitor with a sticky note. Not a good idea! If you feel that you must write your password down, hide the note somewhere where no one can find it.
- And of course, never tell anyone your password. Never give it to friends, even if they’re your best friends. A friend might – perhaps even accidentally – pass your password along to others or become an enemy and abuse it.
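The tips above expressed as a checker, as an added example that is not Fordham IT's own code or policy. It applies the 8-character, mixed-character and no-dictionary-word tips, reversing look-alike substitutions so that “$1ngle” is still caught; the word list and substitution table are small constructed samples.

```python
import re

# Constructed sample word list; a real check would load a full dictionary.
SAMPLE_WORDS = {"single", "password", "fordham", "friend", "summer"}

# Look-alike characters mapped back to the letters they usually replace
# (constructed table). "1" is handled separately: it can stand for "l" or "i".
LOOKALIKES = {"$": "s", "@": "a", "0": "o", "3": "e", "5": "s", "7": "t", "!": "i"}


def undo_substitutions(password):
    """Return the lowercase readings of a password with look-alikes reversed."""
    base = "".join(LOOKALIKES.get(c, c) for c in password.lower())
    return {base.replace("1", "l"), base.replace("1", "i")}


def check_password(password, words=SAMPLE_WORDS, min_length=8):
    """Return a list of problems; an empty list means every tip is met."""
    problems = []
    if len(password) < min_length:
        problems.append("shorter than %d characters" % min_length)
    if not re.search(r"[A-Z]", password):
        problems.append("no capital letter")
    if not re.search(r"[0-9]", password):
        problems.append("no number")
    if not re.search(r"[^A-Za-z0-9]", password):
        problems.append("no symbol")
    # A dictionary word is still a dictionary word after $-for-S swaps,
    # and padding it with digits or symbols does not hide it either.
    readings = undo_substitutions(password)
    if any(word in reading for reading in readings for word in words):
        problems.append("contains a dictionary word")
    return problems


if __name__ == "__main__":
    for candidate in ("$1ngle", "Password1!", "Mf$1avng"):
        print(candidate, "->", check_password(candidate) or "ok")
```

“Password1!” passes the length and character-mix tips yet is still rejected, which is the point of the “$1ngle” warning.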
Our website has more details about Fordham University’s password policies and guidelines.
By Nicole Kagan, Fordham IT News Editor
A recent article from PC Magazine highlights research from Google surrounding the limited effectiveness of secret questions for account recovery:
“Not being able to remember your secret question responses is
annoying, but Google said the bigger concern is hackers who try to
hijack accounts using “mass guessing attacks.” With weak answers, it’s
not that difficult: a 2009 report from the Institute of Electrical and
Electronics Engineers said that researchers guessed about 10 percent of
people’s answers by using common responses.
In an era of openness, meanwhile, where your every move is chronicled
online, it’s not hard to find things like place of birth, mother’s
maiden name, or high school mascot by trolling a Facebook or Twitter
account. This type of scenario is potentially how hackers gained access to
celebrity iCloud accounts last year. “Certain celebrity accounts were
compromised by a very targeted attack on user names, passwords, and
security questions, a practice that has become all too common on the
Internet,” Apple said in a September statement.”
eBay is asking users to change their passwords as soon as possible. Officials say no financial data was implicated, and the company hasn’t found any evidence of unauthorized activity resulting from the breach.
Further information: http://www.theverge.com/2014/5/21/5737914/ebay-will-ask-all-customers-to-change-passwords-after-massive-breach
If you have any questions please contact IT Customer Care at 718-817-3999 or via email: firstname.lastname@example.org.
Did you know that your AccessIT ID password is an integral aspect of Fordham IT’s online security program? Your password adheres to certain rules that make it complex enough to thwart the potential theft of sensitive information accessed through your Fordham account.
Passwords are often stolen when individuals accidentally respond to fraudulent requests for personal information. This is called a phishing attack and is the most common way for credentials like passwords and credit card information to be stolen. Sophisticated hacking techniques can steal many passwords at one time from large institutions. A password is not just an institution’s first line of defense against a cyber attack. It may also be the weakest link.
A victim of password theft might not discover that their password was stolen because it may not be used immediately. When a stolen password is used, however, it can wreak havoc on the lives of those affected and damage an institution’s reputation. That’s why changing passwords every now and then helps to limit the amount of time a stolen password remains useful.
To help keep personal information and other sensitive data as secure as possible, Fordham IT has implemented the Password Expiration Initiative. All AccessIT ID passwords are set to expire in Spring 2014 unless they are changed by individual users beforehand. Changing your password takes less than two minutes. Once you change your password, it will be set to expire again, in 180 days. (Be advised that the first time you attempt to access your Gmail from a mobile device after changing your password, you will be prompted to enter your new AccessIT ID password.)
Everyone is responsible for protecting Fordham’s systems. The Password Expiration Initiative is an important way for individuals to do their part and help Fordham IT fulfill its commitment to ensuring the online security of the entire campus community.
Please remember that Fordham IT will NEVER request passwords or other personal information via email. Messages requesting such information are fraudulent and should be reported to IT and then deleted. Fordham IT is committed to maintaining the integrity of the university’s online resources.
We can tell you more about the Password Expiration Initiative!
Visit our website at http://www.fordham.edu/PWExpire to learn about:
- Town Hall dates and locations
- Instructions for changing your password
- Password complexity rules
Follow us on Twitter: @FordhamSecureIT
Under no circumstances should anyone ask you for your password, nor should you provide it. This holds true for in-person, email and telephone communications. Providing your password is a sure-fire way to end up with an infected computer or mobile device, the loss of personal and confidential data, and identity theft.
If you have any questions or concerns, please contact IT Customer Care at (718) 817-3999 or via email at HelpIT@fordham.edu.