Week 4: Secure Password Management

Passwords are the keys to the doors protecting our data, identity and online resources. Every new online service we sign up for asks us to create a password to protect the account. Choosing a new password is sometimes no easy task! Most services ask for at least one uppercase letter, one lowercase letter, one number or symbol, and at least eight characters in length. This describes UIC’s current minimum password rules as well.

It’s no wonder that people sometimes make the poor decision to reuse the same password everywhere, use a slightly altered password, or never change their passwords.

Nowadays, the University of Illinois at Chicago recommends using a password manager such as KeePass (Windows), KeePassX (Mac and Linux), or LastPass (multi-platform) to securely store your passwords, and to assist with creating a strong password by using a random password generation feature.

With a password manager, you only have to remember the master password used to access the password manager. An easy way to create a master password is to take your three favorite passwords and jam them together so you have one long password that you are already familiar with typing. After that, just use the password generation feature to create all of your passwords. Remember that when generating a password you should always use the maximum allowed password length.

If you absolutely must create a password on your own, one good idea is to take a few words and put them together; this is known as a passphrase. xkcd has a funny comic about creating passwords illustrating this technique. If you wish to add numbers or symbols, you can still either use the common substitutions poked fun at in the comic (e.g. zero for o, exclamation for i, …) or you can separate the words with symbols and add some numbers to the beginning, middle and/or ending. The key is to make the password as long as possible, while still allowing it to be easy enough to recall and hard enough so that no one else can figure it out.

Did you know that it is estimated to take less than 1.2 minutes to crack a complex 8 character password, whereas a complex 16 character password can take up to 1.41 hundred million centuries to crack (according to the website grc.com/haystack)?
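The following Python sketch is an added example, not part of the original page. It works through the length arithmetic behind the two figures above and builds a passphrase in the style described earlier (words separated by a symbol, with numbers added). The 95-character alphabet and the rate of 10^14 guesses per second are assumptions chosen here because they reproduce the quoted figures; the word list and sample passwords are constructed.

```python
import secrets
import string

GUESSES_PER_SECOND = 10**14          # assumed attacker rate (not stated on the page)
SECONDS_PER_CENTURY = 100 * 365.25 * 24 * 3600

# Constructed sample list; a real generator needs thousands of words.
WORDS = ["copper", "lantern", "orbit", "meadow", "violin", "harbor", "pepper", "glacier"]


def alphabet_size(password):
    """Size of the character set an exhaustive search must cover."""
    size = 0
    if any(c in string.ascii_lowercase for c in password):
        size += 26
    if any(c in string.ascii_uppercase for c in password):
        size += 26
    if any(c in string.digits for c in password):
        size += 10
    if any(c in string.punctuation or c == " " for c in password):
        size += 33                    # 32 punctuation marks plus space
    return size


def search_space(password):
    """Candidates to try for every length from 1 up to len(password)."""
    n = alphabet_size(password)
    return sum(n**k for k in range(1, len(password) + 1))


def seconds_to_exhaust(password, rate=GUESSES_PER_SECOND):
    """Worst-case time for an exhaustive search at the assumed rate."""
    return search_space(password) / rate


def make_passphrase(words=WORDS, count=4, separators="-_.!"):
    """Random capitalized words joined by a random symbol, two digits appended."""
    sep = secrets.choice(separators)
    chosen = [secrets.choice(words).capitalize() for _ in range(count)]
    return sep.join(chosen) + sep + f"{secrets.randbelow(100):02d}"


if __name__ == "__main__":
    # Constructed 8- and 16-character samples, then a generated passphrase.
    for pw in ("Tr0ub4d&", "Tr0ub4d&Tr0ub4d&", make_passphrase()):
        secs = seconds_to_exhaust(pw)
        print(f"{len(pw):2d} chars  {secs / 60:.3g} minutes  "
              f"{secs / SECONDS_PER_CENTURY:.3g} centuries")
```

These numbers describe exhaustive character-by-character search only, so they are an upper bound: a passphrase drawn from a short word list is far easier to guess word by word, which is why the word list must be large and the words chosen at random.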

So now that you’ve taken a minute or two to read about a few tips on password management, take a few more minutes to download a password manager and get started by securing your accounts with strong passwords. You can start by visiting password.accc.uic.edu to change your ACCC Common Password. And remember, never share your password with anyone!
