University Of Houston-Victoria
CSATS - Computer Security Awareness Training for Students
Passwords are used to authenticate computer system users. They provide access to networks, computers, email, and websites. At UHV, strong and secure passwords are crucial for protecting the UHV network, VPN access to the network, and student email accounts (mail.uhv.edu). Moreover, passwords serve as a barrier between a hacker and your personal information.
As important as passwords are, most users do not follow basic password guidelines.
Strong passwords in particular are often overlooked in favor of more complex and high-profile security measures such as firewalls and anti-spam and anti-spyware software. All the high-profile security measures in the world can be trumped by weak passwords.
A major problem with passwords is the sheer number of them that have to be remembered. As a result, most people resort to using passwords that are easy to remember. However, passwords that are easy to remember could make you an easy mark for password thieves.
Last year a hacker obtained some 32 million passwords from the social entertainment site RockYou. The security firm Imperva found in its study of the attack that most people used short, simple passwords. The report also revealed that 50% of users relied on slang words, dictionary words, or common arrangements of numbers and letters. The study found that the most commonly used password was "123456."
How fast can a password be discovered? In a brute-force attack (i.e., automated guessing), weak passwords can be discovered in just 110 attempts. This means that a hacker can gain access to 1000 accounts in 17 minutes.
Passwords should NOT be:
- Based on personal information, such as family names, addresses, or phone numbers.
- Based on work information, such as room numbers, building name, coworker's name, or phone number.
- Made of word or number patterns like aaabbb, qwerty, zyxwvuts, 123321, or abcABC123.
- A word or combination of words found in any dictionary in any language, slang, dialect, or jargon.
- Based on your username, your real name, handle, nickname, or screen name.
Additionally, do not use the same passwords for all of your accounts.
Make sure that you keep your passwords secure and do not store them on your hard drive.
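The "Passwords should NOT be" list above can be turned into an automated check. The following Python sketch is an added example, not part of the original UHV page; the sample word list, the character-swap table, the 50% pattern threshold, and the function names are assumptions made for illustration.

```python
import re

# Constructed sample list; a real check would load a full dictionary file.
SAMPLE_WORDS = {"password", "dragon", "monkey", "houston", "sunshine", "welcome"}
SEQUENCES = ["abcdefghijklmnopqrstuvwxyz", "0123456789",
             "qwertyuiop", "asdfghjkl", "zxcvbnm"]
# Adjacent pairs in either direction, e.g. ("q","w"), ("w","q"), ("2","3").
STEPS = {(s[i], s[i + 1]) for s in SEQUENCES for i in range(len(s) - 1)}
STEPS |= {(b, a) for a, b in STEPS}
# Common character swaps undone before the dictionary check (assumed mapping).
LEET = str.maketrans("013457@$!", "oleastasi")
PATTERN_LIMIT = 0.5  # assumed threshold: half the pairs or more are patterned


def pattern_share(text):
    """Fraction of adjacent character pairs that repeat or step along a sequence."""
    pairs = list(zip(text, text[1:]))
    hits = sum(a == b or (a, b) in STEPS for a, b in pairs)
    return hits / len(pairs) if pairs else 1.0


def check_password(password, username="", personal=()):
    """Return the rules a password breaks; an empty list means none were hit."""
    pw = password.lower()
    plain = pw.translate(LEET)               # "p@ssw0rd" becomes "password"
    letters = re.sub(r"[^a-z]", "", plain)   # drop digits and symbols
    tokens = [t.lower() for t in (username, *personal) if len(t) >= 3]
    problems = []
    if any(t in pw or t in plain for t in tokens):
        problems.append("personal")          # username, names, phone numbers
    if pattern_share(pw) >= PATTERN_LIMIT:
        problems.append("pattern")           # aaabbb, qwerty, 123321, ...
    if any(word in letters for word in SAMPLE_WORDS):
        problems.append("dictionary")        # dictionary word, even disguised
    return problems


if __name__ == "__main__":
    for candidate in ["aaabbb", "qwerty", "zyxwvuts", "123321", "abcABC123",
                      "P@ssw0rd!", "vG7#pLw2!xQe"]:
        print(candidate, check_password(candidate))
```

Pass the account name and any known personal details (family names, room or phone numbers) through `username` and `personal` so the first rule in the list is checked as well.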
Next Step. Check your password at Microsoft's Online Safety Site.
- Weak Passwords
- Brute Force Attacks
- Accidental Disclosure of Passwords
- Use a password management tool.
- Store passwords securely.
- When completing web forms, click "No" when asked to "remember this password" by Internet Explorer and Firefox.
- Remember to sign off and close out your browser when you're finished banking online or making purchases online.