Computing Corner

Security Awareness - Passwords

By Margie Rogis
Data Security Administrator


The Importance of Passwords in Securing Resources

With the rapid growth of computer networks and our reliance on the machines they link, adequate computer security is vital. The person who might break into a computer and destroy data could be on the other side of the campus - or on the other side of the world.

In most computer systems, the primary line of defense against an intruder is the account ID/password authorization procedure. If this procedure is compromised, the intruder has complete access to your files, acquires your level of access to university resources and can use this "toehold" to attack other parts of the system. Most unauthorized access is gained through an easily guessed password or one that has been written down. While an account ID may be public information, the password is the key to the vault.

Choosing a "Good" Password

Well-chosen passwords are extremely important. The best password is one that is easy to remember and hard to guess. Many users select words or names of people for passwords, allowing hackers to break in quite easily.

Hackers usually have access to online dictionaries and phone books to simplify the process of guessing login passwords. If successful, they can log in to a system and root around virtually undetected. One should therefore get in the habit of choosing a password that is not in a dictionary or a phone book and cannot be easily guessed.

Consider using a password created from the first letters of a memorable phrase instead of choosing a word or someone's name or nickname. For example, the phrase "I like to ride horses on the weekend" yields ILTRHOTW as a password. Imaginative and easy-to-remember phrases are easy to think up. With a minimum of screening, it is unlikely that any of the resulting passwords would be in dictionaries or phone books.

Passwords that combine alphabetic and numeric characters, such as latke304 or capote70, are also difficult to guess. To deter hackers from trying all possible combinations of letters, passwords should be at least six characters long.

Passwords should not have a connection to you (e.g., your car license plate), be composed of patterns from the keyboard (such as "qwerty" or "aaaaaa") or match a reversed word in a dictionary.
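The screening rules described above (minimum length, dictionary and reversed-dictionary words, keyboard patterns, a connection to the owner) can be applied automatically when a password is chosen. The following is an added example, not part of the original article; the function names, the small word list and the sample license plate are constructed for illustration, and a real screen would load a full dictionary and name list.

```python
import re

# Constructed sample list; substitute a full dictionary / phone-book list.
SAMPLE_WORDS = {"horses", "weekend", "margie", "password", "dragon", "secret"}
KEYBOARD_ROWS = ("1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm")
MIN_LENGTH = 6  # minimum length given in the article


def is_keyboard_pattern(pw):
    """True for one repeated character or a run along a keyboard row."""
    if len(set(pw)) == 1:
        return True
    return any(pw in row or pw in row[::-1] for row in KEYBOARD_ROWS)


def screen_password(password, account_id="", personal=(), words=SAMPLE_WORDS):
    """Return the reasons a candidate fails; an empty list means it passes."""
    pw = password.lower()
    problems = []
    if len(pw) < MIN_LENGTH:
        problems.append("shorter than six characters")
    if pw in words:
        problems.append("dictionary word or name")
    if pw[::-1] in words:
        problems.append("reversed dictionary word")
    if is_keyboard_pattern(pw):
        problems.append("keyboard pattern")
    # Anything tied to the owner: account ID, license plate, and so on.
    linked = [account_id, *personal]
    if any(item and item.lower() in pw for item in linked):
        problems.append("connected to the account owner")
    return problems


def phrase_to_password(phrase):
    """First letter of each word, upper-cased, as in the article's example."""
    return "".join(w[0] for w in re.findall(r"[A-Za-z0-9]+", phrase)).upper()


if __name__ == "__main__":
    candidate = phrase_to_password("I like to ride horses on the weekend")
    print(candidate, screen_password(candidate))
    for pw in ("qwerty", "aaaaaa", "sesroh", "horses", "latke304"):
        print(pw, screen_password(pw))
```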

Here are some password tips to further deter hackers:

  • Use a combination of upper and lower case letters;
  • If you make a written record of your password, store that record in a secure place;
  • Be certain no one watches you type your password;
  • Change passwords regularly, but not too often, and do not reuse them;
  • If you think someone has guessed your password, change it immediately;
  • If you plan to be away for a while, notify the Office of Computing and Communications Services so it can temporarily disable your account;
  • Never store a password in a file;
  • Never send a password by e-mail;
  • Use a different password for each system that you access.

    Please Note: Account owners should not tell anyone their password or let anyone use their accounts. No one, under any circumstances, has the right to require that the owner share that information; that includes supervisors and personnel from OCCS. Any employee feeling pressure to share his or her password should call the OCCS security administrator at 683-3189.