Passwords protect access to just about every piece of digital information, from bank accounts and private email to social networks, chat conversations and more.
Brock’s Information Technology Services (ITS) team is reminding users that attackers are always looking for ways to uncover a user’s password. Common methods used to reveal passwords include:
- guessing a password;
- brute-forcing, a computer-assisted hacking method that uses trial and error to discover a password;
- stuffing, a method of hacking where attackers use compromised credentials to try and log into other websites or services;
- malware, especially keyloggers; and
- phishing scams.
Users can defend against malware and phishing scams by being careful about opening email attachments or clicking links in emails. To protect themselves from other attacks, users need to pick strong, memorable passwords.
A strong password is:
- Irregular to avoid simple guessing. Avoid changing a password by switching out just one character, for example.
- Complex to avoid brute-forcing. A strong password is long and uses a variety of characters, including uppercase and lowercase letters of the alphabet, numbers and special characters.
- Single-use to avoid stuffing attacks. Avoid using the same password for multiple websites or services.
Users can use a number of strategies to make passwords that are both memorable and strong, including:
- Using the initials of a phrase along with other characters to create a password. For example, the phrase “I want to create a strong password” could be used in the password Iw2CR8a!!!pw.
- Combining numbers and special characters with several unrelated words, such as vivid-wrung-octopus-misapply.
Users can also generate and keep track of their passwords with a password manager application.
Beyond digital security measures, users should be aware of their surroundings when entering their passwords into a device or service to ensure nobody can see what they’re typing.
Anyone with questions about password security can reach out to ITS for assistance at email@example.com