Passwords, Setting Strong Passwords
Recommendations for setting strong passwords
Set a different password for each website or application you log into
- Use different passwords for each site you visit. If someone obtains the password for one account, how many other sites or data can they access using that same password?
- Note that at this time, KeePass is the only approved solution for University passwords. A password management tool allows you to store your passwords in an encrypted tool safely. There are many software options to help you manage your credentials, security questions, etc. Some popular options include 1Password, LastPass, KeePass, and PassKey.
Use the longest password possible
- Different sites have different limitations on the number of characters you can use in your password. Longer passwords are harder to guess or hack than shorter ones. The University of Illinois accommodates NetID passwords up to 127 characters.
Use Two-Factor Authentication
Two-factor authentication (2FA) requires something you know (your NetID password) and something you own and have (your phone or token) to log in to a service. Without having your phone or token, a hacker won’t be able to receive or send the one-time verification required to authenticate. 2FA is required for faculty, staff, and graduate students.
Stop bad password habits
- Don’t use your address, birth date, or easily recognized or obtained information in your passwords.
- Provide obscure answers to security questions. Many times, security questions have answers that are easily obtained in other places. Your first pet’s name? Your kindergarten teacher’s name? Your mother’s/father’s middle name? Without thinking about it, many people include this information in blogs or social media posts.
- Instead of answering the question directly, consider adding an appended word to the end of the answer. For example, if the question is, “What city were you born in?,” answer “chicagobaseball” instead of “chicago.”
- Another option is to provide a false answer that you document and save in a password manager. For example, if the question is, “What was your kindergarten teacher’s name?,” answer “Jamaica” instead of the real answer.
Set a device passcode/password on your phone and other mobile devices
- Set your device to require a passcode or password to wake the device from sleep mode or to unlock the device. Many devices are accessed because they weren’t password protected.