ID #1141

How do I create a strong password?

The University defines strong passwords as passwords that will take a computer at least 6 months to try all possible combinations of the letters, numbers and special characters contained in your password. The University requires strong passwords on all UIndy accounts. Passwords must be changed a minimum of once every six months.

The following are characteristics of a strong password:

  • contains lower case and upper case letters (a-z and A-Z)
  • contains numbers as well as letters
  • contains special characters such as: !@#$%^&*()_+|~-=\´{}[]:”;'<>,./)
  • is at least eight characters in length
  • is not a word in any dictionary, English or other
  • is not based on any bit of personal information: pet names, birth date, street names, etc.
  • is not based on anything to do with the University of Indianapolis, UIndy, Hounds, etc.


Please DO NOT USE any of the following as part of your password, as they may disable your ability to log into some systems:

  • A question mark - ?
  • Double quotation mark - "
  • Blank spaces
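
The rules listed above can be checked mechanically. The following is an added example, not the University's own code; the function names, the character-substitution map and the small word lists are assumptions constructed for illustration.

```python
import string

# Assumptions (not from the University's systems): the names used here, the
# substitution map, and the tiny constructed word lists below.
FORBIDDEN = set('?" ')                                  # characters the page says to avoid
SPECIALS = set(string.punctuation) - FORBIDDEN
UNIVERSITY_TERMS = ("uindy", "hounds", "indianapolis")
SAMPLE_DICTIONARY = {"clouds", "password", "summer"}    # constructed sample word list
LEET = str.maketrans("013457@$!", "oieastasi")          # 0->o, 1->i, 3->e, 4->a, ...

def normalise(password):
    """Lower-case the password and undo common character substitutions."""
    return password.lower().translate(LEET)

def policy_violations(password, dictionary=SAMPLE_DICTIONARY):
    """Return the list of rules from this page that `password` breaks."""
    problems = []
    if len(password) < 8:
        problems.append("shorter than eight characters")
    has_lower = any(c in string.ascii_lowercase for c in password)
    has_upper = any(c in string.ascii_uppercase for c in password)
    if not (has_lower and has_upper):
        problems.append("needs both lower and upper case letters")
    if not any(c.isdigit() for c in password):
        problems.append("needs a number")
    if not any(c in SPECIALS for c in password):
        problems.append("needs a special character")
    if FORBIDDEN & set(password):
        problems.append('contains ?, " or a blank space')
    # Compare against word lists only after undoing substitutions, so that
    # a spelling such as "H0und$" is still recognised as "hounds".
    letters_only = "".join(c for c in normalise(password) if c.isalpha())
    if letters_only in dictionary:
        problems.append("is a dictionary word")
    if any(term in letters_only for term in UNIVERSITY_TERMS):
        problems.append("is based on a University term")
    return problems
```

The personal-information rule cannot be checked without knowing the user, and a real dictionary check would use full word lists in several languages rather than the three-word sample.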


Passphrases

You may want to consider changing from a password to a passphrase. A passphrase is simply a phrase or sentence following the same guidelines as above for passwords. Because a phrase contains many more characters than a password, it tends to be more secure.

The best passphrases are unique to you, rather than well-known quotations, song lyrics, or sayings. There are hackers who can crack passphrases based on well-known strings of words. For example, “Seize_the_day” would NOT be a good passphrase.

Here are some tips for creating a strong passphrase:

  • Unique to you
  • Not a famous quote, common phrase, or song lyric
  • Contains four or more words
  • Total length is more than 20 characters
  • Incorporates numbers, symbols, upper and lower case letters, EXCEPT DO NOT USE:
    • question marks (?)
    • double quotation marks (“)
    • spaces


Passphrase Examples

  • 2003-ourfamilyvacation2HiltonHead,NC

  • Sav$ng-4-a_nuPrius!

  • Summ3r2010in*@thensgrEEce

 

How easy could it be to guess my password?

Passwords are obtained in several ways -- some technical, some not.

  • Brute force:  Hackers use computer programs that try every possible combination of letters, numbers and special characters until the password succeeds.  The longer the attack takes, the more likely the hacker will give up.  Today’s desktop computers can try 15 million password combinations per second—that means a 9-digit number can be cracked in 1.5 minutes!
  • Dictionary comparisons: Software iterates through English and dozens of other language dictionaries to systematically try every word until the password succeeds.
  • Phishing: You are directed to an imposter site that looks exactly like Amazon.com, Paypal.com, UIndy webmail, etc.
  • Localized: The thief swipes a Post-It Note from your monitor, a note from under your keyboard, or watches which keys you press as you enter your password.


| Example password | Complexity | Time to Crack (minimum) |
|---|---|---|
| clouds | 6 lower case letters | 0.4 seconds |
| Buffa10 | 7 upper and lower case letters and numbers | 1.5 days |
| m0b@10HiWa | 10 upper and lower case letters, numbers, and 1 special character | 2.5 years |

Read the University's password policy
