Help Index > Security Information and Advisories

What is a Secure Password?

[Also see - MCG Administrative Policies and Procedures, Information Security Policy: Password Protection]

Security Versus Convenience
First off, there is an inverse relationship between convenience and security. As you increase security, you lose convenience.

What is Security?
Webster's Dictionary: Measures taken to guard against espionage or sabotage, crime, attack, or escape.

H. Stanley Judd: "The ultimate security is your understanding of reality."

Kinds of Security Breeches

• Natural Disasters: fire, flood, tornado, etc.
• Nonhuman: product failures, bugs, etc.
• Human: Malicious Insiders - disgruntled students, faculty or employees
• Malicious Outsiders - hackers, crackers, etc.
• Nonmalicious - untrained or uninformed students, faculty or staff

One of the university's  most valuable assets is the information stored in computer files on our desktop computers and on the local area network.

Who’s Breaking In?

• The Culprits are: corporate spies, governments, terrorists, career criminals, insiders
• The Motivation is: financial, competitive gain, national interests, religious, political ideals, control, power, revenge
• The People are:
  • Malicious Insiders - disgruntled students, faculty or employees
  • Malicious Outsiders - hackers, crackers, etc.
  • Nonmalicious - untrained or uninformed students, faculty or staff

What Makes Us Vulnerable?

• Easily guessed passwords that are too short; too simple; or that contain common words.
• Not keeping passwords a secret by writing them down or sending confidential data in e-mails.
• Trusting things we get from others like opening e-mail attachments that have a virus or other malicious code.

What is a Password?
A string of characters, entered to verify that you are authorized to access computer resources, consisting of:

• Alphabetic: A to Z and a to z
• Numeric: 0 to 9
• Special Characters: ~  !  @  #  $  %  ^  &  *  (  )  +  =  [  ]  {  }  /  ?  <  >  ,  ;  :  \  |  `  ’  ”  .

Problems with Passwords

• There is a direct relationship between the ease with which a password can be remembered and the ease with which it can be guessed.
• Without a gimmick, a password that is difficult for an unauthorized person to guess is usually difficult for a user to remember (more about gimmicks later).
• If a password is easy to remember, it is probably easy for someone else to guess.

Keeping Your Password Secure

• Don’t tell anyone your password.
• Don’t write your password down anywhere.
• Make sure your password cannot be easily guessed.
• If you think there is even a slight chance someone knows your password, change it.
• Don’t let someone see what you are entering as your password.

Don’t Choose a Weak Password

• With fewer than eight characters.
• That could be found in a dictionary.
• That uses public information about you or your family or friends (Soc Sec #; birthdate; credit card number; telephone number, etc.).
• That you have used before.
• That is a variation of your user ID.
• That is something significant about you.

Examples of Weak Passwords

Choose a Strong Password

• That is at least eight characters long.
• That contains uppercase and lowercase letters.
• That contains at least one number or special character.
• That is not a dictionary word in any language, slang, or jargon.
• That cannot be easily guessed and is easy to remember.
• Remember to change your password every 90 days.

Examples of Strong Passwords

• Wwe&nadtd
• 2BoN2bTist?
• IsfgaWDo6
• 3bmstfw1491
• Mdi#1imh
• 52eobbowtffcd
• tmb1W2rpw
• mkrG8b$

I know what you are thinking: “Wait one minute, you geek – you said it must be easy to remember!” Let me explain mnemonics.

Mnemonics

• Take a phrase that is easy for you to remember and convert it into characters.
• It could be the first line of a poem or a song lyric.
• “Water, water everywhere and not a drop to drink” (Rhyme of the Ancient Mariner) converts to Wwe&nadtd.
• “We Three Kings from Orient Are” converts to w3KfOr3691.
  (3691 is the year 1963 spelled backward to extend beyond six characters.)

It Matters!
Protect the Security of MCG’s Information Infrastructure as if it was your own. Because it is!