Keeping Your Passwords Secure

It is important to choose a strong password to help ensure the security of your online information and to develop good habits to safeguard your passwords. Here are some tips from ITSS:

Never share your password with anyone else. ITSS will never ask you for your password -- if you receive an email claiming that ITSS or some other University department requires your password, assume it's SPAM and disregard it.

Choosing Strong Passwords

The following suggested methods for choosing a strong password are taken from the Guide to Enterprise Password Management by the National Institute of Standards and Technology of the U.S. Department of Commerce. http://csrc.nist.gov/publications/drafts/800-118/draft-sp800-118.pdf

Mnemonic Method

A user selects a phrase and extracts a letter of each word in the phrase (e.g., the first letter or second letter of each word), adding numbers or special characters or both.

Phrase                                                  Password
Please be my best valentine!                            Pbmybval!
This is the worst car I have ever driven in my LIFE!    TitwcIhedimLIFE!
I am definitely your #1 fan                             Iady#1phan

Although a mnemonic password is generally stronger than a dictionary password—for example, “Pbmbval!” would be much stronger than “valentine”—many mnemonic passwords are still susceptible to brute force guessing attacks. Common phrases converted into mnemonic passwords, without using unusual character substitutions or other alterations, can be guessed by attackers using dictionaries of mnemonic passwords.

Users who create mnemonic passwords should either avoid common phrases and make up their own instead, or make significant unexpected changes to the passwords, such as changing capitalization and punctuation and spelling out one or more of the words.
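The check below is an added example, not part of the NIST guide or ITSS tooling. It shows how a password-change form could reject a mnemonic password built from a common phrase with only trivial alterations. The phrase list, substitution table, and function names are assumptions constructed for illustration.

```python
import re

# Constructed sample of well-known phrases; a real denylist would be much larger.
COMMON_PHRASES = [
    "to be or not to be",
    "may the force be with you",
    "a picture is worth a thousand words",
]

# Assumed set of predictable character substitutions, undone before comparing.
UNSUBSTITUTE = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a",
                              "@": "a", "$": "s", "!": "i"})


def mnemonic(phrase, index=0):
    """Take the letter at `index` of each word (0 = first, 1 = second).

    Words too short for `index` contribute their last letter.
    """
    words = re.findall(r"[A-Za-z']+", phrase)
    return "".join(w[min(index, len(w) - 1)] for w in words).lower()


def normalize(password):
    """Reduce a password to the bare letters a guessing dictionary would match."""
    # Drop digits and symbols tacked on at the start or end.
    core = re.sub(r"^[^A-Za-z]+|[^A-Za-z]+$", "", password)
    # Lowercase, undo predictable substitutions, discard anything left over.
    core = core.lower().translate(UNSUBSTITUTE)
    return re.sub(r"[^a-z]", "", core)


def find_common_mnemonic(password, phrases=COMMON_PHRASES):
    """Return the common phrase this password is a mnemonic of, or None."""
    core = normalize(password)
    if not core:
        return None
    for phrase in phrases:
        # Check both the first-letter and second-letter forms of the method.
        if core in (mnemonic(phrase, 0), mnemonic(phrase, 1)):
            return phrase
    return None


if __name__ == "__main__":
    for candidate in ["Tbontb!1", "Tb0ntb2024", "TitwcIhedimLIFE!"]:
        hit = find_common_mnemonic(candidate)
        print(candidate, "-> reject, matches:" if hit else "-> no match", hit or "")
```

A match means capitalization, appended digits, and simple substitutions did not move the password away from the underlying common phrase, which is the weakness described above.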

Altered Passphrases

A user selects a phrase and alters it to form a derivation of that phrase. This method supports the creation of long, complex passwords. Passphrases can be easy to remember due to the structure of the password: it is usually easier for the human mind to comprehend and remember phrases with a coherent vocabulary than a string of random letters, numbers, and special characters.

Passphrase              Alternate Passphrase
to be or not to be      2.be.0r.nOt@to0.bEE
Dressed to the nines    Dressed*2*the*9z

Combining and Altering Words

A user can combine two or three unrelated words and change some of the letters to numbers or special characters.

Words                   Password
"bank" and "camera"     B@nkC@mera
"mail" and "phone"      m4!lPh0N3