Body
Overview
Your university password or passphrase is the key that provides access to your North Central services, such as email, financial systems, and various websites. Learning how to strengthen your university password or passphrase will help keep your private information safer. This article shares tips and best practices to help you stay secure.
You can also apply these dos and don'ts to your other online services, such as non-NCU email, credit card and bank accounts, e-commerce, and social networking sites.
Alert: Never reuse a password that was stolen, or use an altered version of it because your university account and your personal information will remain at risk. Once a password is stolen, abusers will attempt to use it again, including variations of it.
Strengthen Your Passwords
Secure passwords have at least 12 characters and combine letters, numbers, and symbols and may include spaces. Choose passwords that are easy to remember but not easily guessed. Continue to read more tips to help you choose strong passwords.
Do use:
- Longer passwords
Use a password of at least 12 characters. The longer your password, the harder it is to guess.
- Multiple character sets
Use a mixture of upper and lower case letters, numbers, and punctuation such as !, @, #, etc. Try to use at least three out of the four character sets available on your keyboard, which include KK, nn, 123, !@#; however, avoid using characters that do not appear on a standard keyboard, as they may not work correctly in all circumstances and you could find yourself unable to access your account.
- Letters chosen from words in a phrase or song lyric
Think up a phrase. For example, Marx's Communist Manifesto has 8196 words in it. You can use that as your passphrase, or choose the first letter from each word of this phrase. Note, this example includes punctuation to improve the quality of the password.
- A combination of few pronounceable nonsense words and punctuation
For example, nuit+Pog=tWi. Pronounceable nonsense words are easier to remember than random characters.
Do not use:
- Dictionary words or names in any form
Dictionary words are common words, names, dates, or numbers. Don't assume that this is limited to English dictionaries; if you can find it in the dictionary of any language, even fictional ones like Klingon, don't use it! One standard method for cracking passwords is a brute force attack, in which the attacker tries using dictionary words and and names, over and over again, from various languages.
- Common misspellings of dictionary words
Many password cracking dictionaries include both common misspellings of words and those with letters replaced by similar-looking numbers, for example, replacing E with 3. You should also avoid simply adding a numeral to the beginning or end of a word.
- The name of your computer or user account
Since this kind of information can be easily discovered, these passwords can be very easy to guess.
- Sample passwords
If the password appears in a document that is public and seen by many others, don't use it.
Strengthen Your Passphrases
Secure passphrases must be at least 19 characters in length and include punctuation and spaces between words or letters. Unlike a password, passphrases need at least some dictionary words to function properly. While passphrases provide a considerable amount of security, some sites do have restrictions on length, so you will need to work within the limitations of the service or site you are using. Read more tips on creating secure passphrases.
Do use:
- Something unique and memorable to you
You may choose to use a passphrase instead of a password you find a passphrase to be more memorable. Your passphrase might be based upon a favorite childhood memory, favorite food, or place you've visited, experiences you've had, or some combination of these things. This example, Paris soccer FoieGras11#, is based upon a favorite childhood memory and favorite food.
- Longer Passphrases
Passphrases must be at least 19 characters long since passphrases rely on length for security instead of complexity as opposed to passwords. Using spaces and punctuation can make this easier to remember.
Do Not Use:
- Famous or well-known lyrics or sayings
While lines taken from the U.S. National Anthem might seem like a good passphrase, these lines are famous and widely recognized. In practice, they make bad passphrases because they are easy to crack. If you like the idea of basing your passphrases on a favorite book, song, movie or play, consider taking a passphrase from a work that is both meaningful to you and not very well-known. Do not use anything easily found in a book of quotations, an online quotation compiler, or that can be found easily by Google.
Smart Computing with Passwords and Passphrases
Creating strong passwords and passphrases is not enough by itself. You also need smart computing habits.
Do Not Use the Same Password or Passphrase for All Your Accounts
Using the same password or passphrase for multiple services is very dangerous because if it is stolen from one service, hackers can use it to access all your other accounts. While having a completely different password for each service you use is impractical, you should consider what the password is protecting when you choose it. Some services may not require very strong passwords if they do not collect any private information. If you are unsure, always opt to use a different password.
Also, consider using a password manager, such as Password Safe or LastPass to help manage multiple passwords.
Never Share Your Password or Passphrase
Never give out your password online or over the phone to others. Email and phone requests for your this information and other private information are phishing scams. University administrators or reputable companies, such as your bank or credit card company, will never request this kind of information through email, fax, or phone.
Don't even share your passwords with friends or family members. Especially do not give anyone your university password to gain access to any North Central service or the wireless networks on campus. This is a violation of the university's acceptible usage policy.
Use Non-Secure Networks With Care
As a convenience, hotels, restaurants, and businesses often offer public internet access. Use this access carefully, and avoid accessing confidential information such as financial data using these networks. Hackers often target these networks to obtain confidential information for financial gain.
Change Your Password or Passphrase Regularly
As a good practice, change your passwords regularly, preferably at least once a year. Passwords protecting your most Sensitive Information should be changed more frequently. Password manages can also make the process of keeping track of these password changes easier.
Do Not Store Your Password Within Web Applications
Many web browsers and email clients offer to store your passwords. This is not the best idea and should be done with care. Never store passwords associated with important services, such as financial accounts. Computer viruses and spyware programs can easily retrieve stored passwords from these accounts. They may even be able to distribute your passwords or passphrases before you notice that anything is wrong.
Never Use Information in a Password or Passphrase Which Can be Found Online
None of your password or passphrase information should be available online. For example, the names of the street you grew up on, your personal blog, the states you lived in, or your relatives' names. All of these examples of information can all be easily found online, and some websites are devoted solely to compiling biographical information about you, such as MyLife or Ancestry.
Store Written Copies of Your Passwords or Passphrase Safely
While you should avoid keeping written copies of your passwords or passphrases, sometimes you might have a specific need to write one down. If you need to write down your password or passphrase temporarily or access it from a written source, please store it in a safe place. Do not write your passwords down and place them under your keyboard or in an unlocked drawer. If you must write them down, consider leaving out some of the easily-remembered characters and inserting them when you type them in. Destroy the paper once you have memorized the password.
- Never write down the name of the service that the password applies to. For example, if the password is for an Adobe application, do not write Adobe: spacecamp MashedPotatoes4! on a sheet of paper.
- Leave some characters out. Instead of writing spacecamp MashedPotatoes4! write down an abbreviated form that only you'll understand, for example, sc MP4!
Use Two-Factor Authentication (2FA)
Two-factor authentication (2FA) is the single most important thing you can do to protect against stolen passwords, phishing scams, and other attempts to take over your online accounts and steal your data. If the service you are accessing supports 2FA, enable it!