Tips for Selecting & Managing Passwords

December 17, 2014

Most of us are awash with passwords. You probably have multiple passwords that you use throughout the day. Unfortunately, many of us manage our passwords poorly.

A Google search for the worst passwords reveals the following:

  • 123456
  • password
  • 12345678
  • qwerty
  • abc123
  • 123456789

Do you use any of these? If so, you probably should change to something more secure.

Problems with Passwords

  • Passwords that are easy to guess defeat their purpose.
  • If the system you are trying to log on to does not protect your password, it can be discovered.
  • Malware can make passwords easy to steal. Keyloggers installed on your computer can track your keystrokes and transmit your usernames and passwords to bad actors.
  • With the growth of mobile computing, there is always a danger of someone looking over your shoulder.

Tips for Managing Passwords

  • Don’t use the same password for more than one system. This prevents a bad actor from using a single compromised password to gain access to all of your accounts.
  • Don’t use passwords that are easy to guess. Bad actors use dictionaries of commonly used passwords to guess your password.
  • Don’t use passwords that you give away. It is common for people to use the names of children or pets as passwords. This information is often readily available via social media. A password should never be something that is readily available to others.
  • Do use long passwords. Length is more important than complexity when creating a password that is difficult to guess. A longer password that contains a simple phrase or sentence may be easier to remember. For example, the password “I like Goleta beach.” is easy to remember because it is a grammatically correct sentence. It is also easy to type because it is made up of whole words. It is complex because it has both upper case and lower case letters and includes a period. We can make it more secure by changing the “o” to a zero and purposely using inappropriate punctuation or capitalization. “I like G0leta beach?” is a great password!

Since remembering passwords for dozens of accounts is difficult for all of us, consider using a free or subscription-based password manager. This is an excellent way to securely store your various account login credentials. Most password managers provide a way to back up your password list, and some allow you to synchronize password lists across multiple systems. Others store password lists in the cloud so you can access them from anywhere.

No matter how good a password is, remember that it has limits. An alternative exists that is more secure than passwords alone. It is called multi-factor authentication and a growing number of cloud services support it. We are beginning to use it on campus for some services.

Multi-factor authentication supplements username/password authentication by adding a third factor. Generally, the additional factor is a token or a mobile phone. For example, Google offers an app called Google Authenticator that runs on iOS and Android devices. It generates a 6-digit code that is valid for just a few minutes at a time. When you log on, you provide your username, password, and a current 6-digit code that is generated by the app on your device.

Password Safe Programs

There are many password safe programs available. Though the University does not recommend any one solution, here are some examples: