Strong Passwords
How to make your passwords work for you….
Linda A. LeBlanc
IT Security Support
IS&T
Once upon a time….
The (old) Do’s & Don’ts of Passwords
DO!
Pick a password you can remember!
Make it REALLY hard to guess.
Use upper and lower characters
DON’T!
Write your password down ANYWHERE!
Make them similar to each other.
Use Klingon or Elvish (Elven?)
Let’s be realistic…
How many passwords do you have?
Don’t forget your ATM, Insurance Phone Tree, your Bank Account Test question…
How are we supposed to remember them ALL???
We know you write them down….somewhere.
Underneath your keyboard?
In your top desk drawer?
On your monitor? (Please say it’s on the back at least!)
The little notebook marked PASSWORDS?
The sheet of paper folded and sticking out of the dictionary above your head?
The Dilemma:
I’m supposed to remember but it’s not supposed to be a word in any language & it’s supposed to be hard to guess.
If I forget it, there’s no way to recover it because I can’t write it down.
My dog’s (cat’s) name isn’t a word, and has upper and lower case characters.
New, more realistic rules…
Use letters, numbers, special characters (upper and lower case).
If you must write them down, separate the password from the account name, and keep them somewhere secure.
Similarity and composition are not the same. (brainiac23 & brainiac12 are similar; fre:sZib61 and glii:tZul72 are composed in the same way)
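The difference between similarity and composition can be checked mechanically. The sketch below is an added example, not part of the original slides: it measures similarity as edit distance and composition as the run pattern of character classes. The function names and the 0.6 "too similar" threshold are assumptions made for illustration.

```python
def composition(password):
    """Collapse a password into its run pattern of character classes:
    l = lower case, U = upper case, d = digit, s = anything else."""
    pattern = []
    for ch in password:
        if ch.islower():
            cls = "l"
        elif ch.isupper():
            cls = "U"
        elif ch.isdigit():
            cls = "d"
        else:
            cls = "s"
        if not pattern or pattern[-1] != cls:
            pattern.append(cls)
    return "".join(pattern)


def edit_distance(a, b):
    """Levenshtein distance: single-character inserts, deletes, substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def similarity(a, b):
    """1.0 for identical strings, falling towards 0.0 as more characters change."""
    longest = max(len(a), len(b))
    return 1.0 if longest == 0 else 1 - edit_distance(a, b) / longest


def compare(old, new, threshold=0.6):
    """threshold is an assumed cut-off for 'too similar', not a value from the slides."""
    return {
        "similar": similarity(old, new) >= threshold,
        "same_composition": composition(old) == composition(new),
    }


if __name__ == "__main__":
    # The two pairs quoted on the slide.
    for old, new in [("brainiac23", "brainiac12"), ("fre:sZib61", "glii:tZul72")]:
        print(old, new, compare(old, new))
```

Both pairs share a composition, but only the brainiac pair is close in edit distance, which is the case the slide warns against.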
Risk Assessment & Reality
You have to decide for yourself what level of risk you are willing to
assume when choosing how to secure your passwords.
We’re always scheming…
Develop password generation methods that work for you, and are easy to replicate.
Number/letter substitutions, nonsense sounds
Passphrases and acronyms
Group by account type. (what’s good for mail, might not be sufficient for the IRA)
Exhibit A: My Father
One Password, Many Places…
Insecure accounts sharing a password with sensitive data accounts.
One FIVE letter word.
A new method…
The Book of Psalms
Chapter and Verse
Preserve Case, Punctuation
Annotate account w/matching chapter verse pair.
Exhibit B: My Bohemian Sister
w0rDz not words!
Use nonsense sounds that are pronounceable.
Build a word with all the requirements
Substitute a number for a vowel
Use the number combination for the vowels to identify the password.
More Ideas:
Your favorite formulas?
Chemical compounds? (EtOH is a little too simple)
What else?
Last Writes…
Establish a password generation method for yourself.
Find a place to keep your passwords and keep them secure.
Never reuse passwords EVER. Build a fresh one.
The End
(of passwords as we know them?)
More information and handouts are available from ITSS
Email: [email protected]