How Can a Password Be Vulnerable?
- Many people do not change the default password that comes with some computer security systems. Lists of default passwords are available on the Internet.
- A password may be guessable if someone chooses a piece of personal information as their password. This can include a student ID number, boyfriend or girlfriend’s name, birth date, telephone number, or license plate number. Personal data is now available from various sources, and can often be obtained by searching social media or phishing techniques.
- A password is vulnerable if it can be found in a list of commonly-chosen passwords. Digital dictionaries are available for many languages and easy to access. In tests on live systems, dictionary attacks are so routinely successful that software implementing this kind of attack is readily available.
Password Do’s and Don’ts
|DO use a pseudo-random pass phrase to create passwords. Learn how to create these by reviewing our last Security Tip!
July 17- Security Tip: Password Security
|DON’T use your login name in any form; as-is, reversed, capitalized, doubled, etc.|
|DO include a mix of upper and lower case, numbers, and punctuation.
|DON’T use any names, be it a relative of yours or character in a novel, book, or movie.|
|DO use a password that you can type quickly without having to look at the keyboard. This makes it harder for someone to steal your password by watching over your shoulder.||DON’T use other information easily obtained about you. This includes birth dates, license plate numbers, telephone numbers, your street name, etc.|
|DO have classes of passwords to help prevent 1 compromise from affecting your other accounts:
||DON’T use a password made up of all digits, or of all the same letter. This significantly decreases the search time for a hacker.|
|DO use a long password (at least 10 characters)||DON’T use a word contained in English or foreign language dictionaries, spelling lists, or other words lists.vvvv|
|DO change your password regularly.||DON’T use a password shorter than 10 characters|
|DON’T share your password with anyone.|
|DON’T use “remember my password features.”|