Password, Setting Strong Passwords

Recommendations for setting strong passwords

Passwords

  • Use different passwords for each site you visit: If someone hacks one account and gets your password, how many other sites, or how much data can they access, using that same password?

    • Set a different password for each website you log into.

  • Use a password management tool: A password management tool allows you to safely store your passwords in an encrypted tool. There are many software options to help you manage your credentials, security questions, etc. Some popular options include 1Password, LastPass, KeePass and PassKey. Note that University security standards do not permit the storing of University passwords in the cloud. Therefore, KeePass is the only approved solution for University passwords.

  • Use the longest password possible: Different sites have different limitations on the number of characters you can use in your password. Longer passwords are often harder to guess or hack than shorter ones.

    • The University of Illinois allows NetID passwords that are 127 characters long.

  • Use Two-Factor Authentication: Two-factor authentication (2FA) requires something you know (your NetID password) and something you own and have (your phone) to log in to a service. Without having your phone, a hacker won’t be able to receive the phone call or text message required to log into your account.

  • Stop bad password habits: This is pretty simple. Don’t use your address, birthdate, or other easily recognized or obtained information in your passwords.

    • Check out this handy little video for more on bad password habits.

  • Provide obscure answers to security questions: Many times, security questions have answers that are easily obtained by hackers. Your first pet’s name? Your kindergarten teacher’s name? Your mother’s/father’s middle name? Without thinking about it, many people include this information in blogs or social media posts.

    • Instead of answering the question directly, consider adding an appended word to the end of the answer. For example, if the question is, “What city were you born in?,” answer “chicagobaseball” instead of “chicago.”

    • Another option is to provide a completely bogus answer, which is easily documented and saved in a password manager. For example, if the question is, “What was your kindergarten teacher’s name?,” answer “Jamaica” instead of the real answer.

  • Set a device passcode/password: Set your device to require a passcode or password after waking up from sleep or to unlock the screensaver. It sounds simple, but many devices are accessed because they weren’t password protected.




Keywords:security, privacy, information, password   Doc ID:69112
Owner:Security S.Group:University of Illinois Technology Services
Created:2016-11-30 11:39 CSTUpdated:2017-01-06 15:25 CST
Sites:University of Illinois Technology Services
Feedback:  0   0