Simple steps to a difficult password

This is the first story in a two-part series on password security. The second will run Thursday in UNMC Today.

Is your computer telling you it is time to change your password? Before you do, the Office of Information Security recommends you consider these characteristics of a secure password:

Length: Use a password of at least 12 characters, although you don’t need to stop there. In fact, the more the better.

Multiple types of characters: Use a mix of lowercase and uppercase letters, numbers, symbols and special characters (such as &, $, - and @). It’s a good idea to start out with a lowercase letter and use capital letters somewhere else in the password.

Or even better, use a passphrase.

A passphrase, a strategy recommended by information security, is a simple sequence of words or strings of text and symbols, put together to form a password for logging in to your account. The result is a long, non-dictionary-based, difficult-to-crack password.

The main distinction between a passphrase and a password is that a passphrase is typically much longer, and it is composed of entire words or variations of whole words to create nonsensical phrases that are easy for you to remember, but quite difficult for someone else to guess or crack with a hacking tool.

A passphrase works best if you pick a phrase that is meaningful to you: a song lyric, a favorite memory, a favorite food. Remember, spaces and punctuation are a part of it as well.

How to create a strong passphrase

The best way to create a strong passphrase is to choose a set of words easy for you to remember. Don’t rely only on a famous movie or literary quote, song lyric, piece of personal information or a single word straight from the dictionary: the more effective passphrases also will include a mix of capitalization, numbers and special characters (such as &, $, - and @).

Given these ideas, consider this example: choose some words at random that don’t really have a relation to each other but that hold some meaning for you:

toyota nebraska travel purple

Then, combine these words into a single strand of text by removing the spaces and adding some uppercase letters:

ToyotaNebraskaTravelPurple

That’s a 26-character nonsensical phrase that will still be very easy to remember. The next step is to add some numbers to provide additional security:

2015ToyotaNebraska1982TravelPurple

Then, try peppering in some symbols and special characters for good measure:

2015%ToyotaNebraska(1982)Travel&Purple!

Finally, consider switching the uppercase and lowercase pattern of the letters in the password. This is to ensure that dictionary-based attacks will be less successful:

2015%tOYotaNebRasKa(1982)traAVel&pUrple!

So now, we have a 40-character network password, with lowercase and uppercase letters, numbers and multiple symbols. That was easy!
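The steps above, sketched in Python as an added example (not from the Office of Information Security): a cryptographically secure random generator makes every choice, and a checker tests a candidate against the length and character-type characteristics listed earlier. The word list, symbol set and function names are assumptions made for illustration.

```python
import math
import secrets
import string

# Constructed sample list (assumption); a real list should hold thousands of words.
WORDS = ["toyota", "nebraska", "travel", "purple", "harbor", "violin", "cactus", "lantern"]
SYMBOLS = "&$-@%!()"  # assumed symbol set, taken from the article's examples

def mix_case(word, rng):
    """Uppercase a random, non-empty, proper subset of the letters."""
    k = rng.randrange(1, len(word))
    upper = set(rng.sample(range(len(word)), k))
    return "".join(c.upper() if i in upper else c for i, c in enumerate(word))

def build_passphrase(words=WORDS, count=4):
    """Random words, no spaces, mixed case, then a symbol and two digits after each word."""
    rng = secrets.SystemRandom()  # OS-backed CSPRNG, not the default random module
    parts = []
    for _ in range(count):
        parts.append(mix_case(rng.choice(words), rng))
        parts.append(rng.choice(SYMBOLS) + f"{rng.randrange(100):02d}")
    return "".join(parts)

def failed_criteria(candidate, min_length=12):
    """Return which of the article's characteristics the candidate lacks."""
    tests = {
        "length": len(candidate) >= min_length,
        "lowercase": any(c.islower() for c in candidate),
        "uppercase": any(c.isupper() for c in candidate),
        "digit": any(c.isdigit() for c in candidate),
        "symbol": any(c in string.punctuation for c in candidate),
    }
    return [name for name, ok in tests.items() if not ok]

def word_choice_bits(list_size, count):
    """Entropy from the random word picks alone: count * log2(list_size)."""
    return count * math.log2(list_size)

if __name__ == "__main__":
    phrase = build_passphrase()
    print(phrase, len(phrase), failed_criteria(phrase))
    print(word_choice_bits(len(WORDS), 4), "bits from an 8-word list")
```

Four picks from the 8-word sample list contribute only 12 bits, while the same four picks from a 7,776-word list contribute about 51.7, so the size of the list the words are drawn from matters as much as the numbers and symbols added afterward.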

See more password security tips.

1 comment

  1. Ron Kirschner says:

    Easy to remember? Give me a break! The only way most people remember a PW like that is with a PW file or notebook.
