[IS&T Security-FYI] Tips for Creating Strong Passwords

Monique Yeaton myeaton at MIT.EDU
Tue Oct 5 13:28:23 EDT 2010


October is Cyber Security Awareness Month!  The theme is "Our Shared Responsibility" – i.e., we all have a responsibility to practice good "cyber hygiene" to protect MIT, others and ourselves.  Just as getting a flu shot and washing your hands can help prevent flu, so too can some software tools and good computing practices protect against computer security incidents, including data breaches.

This email is the first in a series of weekly tips I will be offering to the community. I hope they will be useful to you!

Tip of the week: strong (complex) passwords

Would you have one key made that opens your house, your car, your office, and your safety deposit box?  Of course not!  Use different passwords for different activities and keep your MIT passwords separate from passwords you use for personal business. 

Create complex passwords, using a scheme you can remember, but which others won’t be able to guess.  This means:

•       8 or more characters (longer is better)

•       a combination of letters, numbers and special characters (e.g. %, &, @, !, $)

•       avoid using “$” for “s”, or “@” for “a” – the bad guys know that trick

 

Some examples (but please don’t use these):

•       51ex$ample# -- a word you will remember

•       1AAAD$KTDA!  -- using the first letters of each word from a phrase you will remember (An Apple A Day Keeps The Doctor Away)

•       #8paris$  -- make up a new ‘mother’s maiden name’ or ‘city where you were born’

 

Of course, you may have too many passwords to remember them all.

•       If you write them down, make sure the paper is kept somewhere inconspicuous (e.g. not next to your computer, or filed under “P” for passwords)

•       If you create an electronic file (e.g. Word, Excel) be sure to encrypt it – password protecting the file is not enough! 

•       Consider using a secure, online password function, such as LastPass, or the secure functionality on your smart phone (although not endorsed by IS&T, here is the site for LastPass: https://lastpass.com/)

 

Note that a password that is strong enough for some may not be strong enough for others, and password policies differ for each system that requires a password for access. Using much longer phrases (more than 20 characters) for passwords is another option. For more about passwords, see http://ist.mit.edu/security/passwords.

Please contact the IT Security Systems & Services team (security at mit.edu) if you have any questions, comments, or would like the team to give a presentation to your department or group.  If you have a concern about sensitive data, or believe data may have been exposed, contact infoprotect at mit.edu.


Monique

=========================
Monique Yeaton
IT Security Awareness Consultant
MIT Information Services & Technology (IS&T)
(617) 253-2715
http://ist.mit.edu/security
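
Added example, not part of the original email or any IS&T tool: a small checker for the three rules in the tip above (8 or more characters, a mix of letters, numbers and special characters, and no reliance on "$" for "s" or "@" for "a"). The function name, the tiny word list and the extra substitutions beyond "$" and "@" are assumptions made for illustration.

```python
import re

# Constructed sample word list (assumption); a real check would load a large
# dictionary or a list of commonly used passwords.
WORDLIST = {"password", "paris", "apple", "doctor", "example"}

# Look-alike substitutions. "$"->"s" and "@"->"a" are the ones the email
# names; the others are common additions (assumption).
LEET = str.maketrans({"$": "s", "@": "a", "0": "o", "1": "l",
                      "3": "e", "!": "i", "5": "s"})


def check_password(pw, wordlist=WORDLIST, min_len=8):
    """Return a list of problems; an empty list means all three rules pass."""
    problems = []

    # Rule 1: 8 or more characters.
    if len(pw) < min_len:
        problems.append("too short")

    # Rule 2: letters, numbers and special characters all present.
    has_letter = any(c.isalpha() for c in pw)
    has_digit = any(c.isdigit() for c in pw)
    has_special = any(not c.isalnum() for c in pw)
    if not (has_letter and has_digit and has_special):
        problems.append("missing letters, numbers or special characters")

    # Rule 3: look for dictionary words in two views of the password:
    # one with the substitutions undone, one with symbols simply dropped.
    lowered = pw.lower()
    undone = re.sub(r"[^a-z]", "", lowered.translate(LEET))
    stripped = re.sub(r"[^a-z]", "", lowered)
    hits = sorted(w for w in wordlist if w in undone or w in stripped)
    if hits:
        problems.append("contains guessable word: " + ", ".join(hits))

    return problems


if __name__ == "__main__":
    # Constructed inputs, plus the acronym example from the email.
    for candidate in ("P@$$w0rd!", "short1!", "abcdefgh", "1AAAD$KTDA!"):
        print(candidate, "->", check_password(candidate) or "ok")
```

The acronym-style password passes because it contains no dictionary word in either view, while the substituted dictionary word is caught once "@", "$" and "0" are mapped back to letters.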





