Where can I find guidelines for creating a secure password?
A secure password may be the only line of defense your computer possesses. If you have a weak password, a hacker may easily crack it and gain access to all the information that resides on your computer. This is just one of the reasons Wayne State University offers students and employees guidelines to create a strong password. By following these recommendations, you can help create a more secure computing environment at WSU.
WSU policy on Acceptable Use of Information Technology Resources, section 3.1
How to create a safe password
Creating a strong password can be a challenge. On the one hand, you want something that will be easy to remember so you can access your account. On the other hand, you need a password that is strong enough to withstand guessing or cracking attempts.
To increase strength, make sure your password includes:
- Eight or more characters
- Upper and lower case letters
- Numbers
- Symbols
Make sure your password DOES NOT include:
- Your username or account number
- A single word
- Your pet's name
- Your birthday, phone number or your address
While using the same password for all of your online accounts is bad, creating some sort of pattern for how you create your passwords is actually one of the recommended ways on how you can keep your online identities secure. In the end, you need to create a password that is meaningful to you, but meaningless to everyone else.
- The longer the password, the better. Adding just three additional characters to your password can make it over 140,000 times harder to guess if you are using uppercase and lowercase letters.
- Stay a little abstract. For example, say you enjoy bird watching and want to incorporate that meaning into your passwords. Don't use bird watch or something simple. Instead, think of a place or a time in which you had a great time bird watching. Then recall an object or a thing that stuck out in your mind at that time and use that final idea as your password, e.g. L@keErie3Hawk.
- Don't just add a number to the end of your current password. All the bad guys know you do this and they alter their attacks to compensate.
Keeping this in mind, see how much more important it is to add complexity into your passwords. In the case of a 10 character password:
Character Sets Used in a Password | Possible Combinations |
All lowercase | 141,167,095,653,376 |
Lowercase and uppercase | 144,555,105,949,057,024 |
Lowercase, uppercase and numbers | 839,299,365,868,340,224 |
Lowercase, uppercase, numbers and special characters | 59,873,693,923,837,890,625 |
A common solution is password managers. These tools save all of your passwords to all of your services and encrypt them securely. To access any of the services, you must enter a super-secure password and verify your identity. If you choose to use a password manager, be sure it is secure and trusted.
How to safely use a password
- NEVER share your password: Sharing your password can create personal, legal and campus security problems. If someone has your email password, they may use your account to send an offensive or harassing email. It's important to remember -- specifically with your WSU email account -- that you are responsible for its use. Do not be tricked by email messages that seem to come from a legitimate source telling you they need your password, these are phishing scams. No legitimate company or institution will ask you for your account or personal information via email.
- NEVER write down your password: This is one of the easiest ways for someone to obtain your password without your knowledge. Sometimes people hide the written password under their keyboard or in a desk drawer, thinking it's safe. This really isn't the case; while you're away from your office, someone could take a quick look around and spot your password written down.
- Update your password: Using a password for an extended length of time makes it susceptible to being discovered. A general guideline is to change a password every 90 days (if you have technical support staff, they may have instituted a different timeline, so check with them). Also consider what you use the password for. If you are logging into the New York Times, then it isn't as imperative to change this password as frequently, but if you are logging into a university server or database that contains sensitive information, such as financial records or social security numbers, you want to change that password much more often.