• What's the big deal?
• How to create a password with some anti-hacker muscle
• Suggestions for a strong password
• How to keep your password safe
• More information

What's the Big Deal?

A study by the CERT/CC at Carnegie Mellon University estimated that 80% of all network security problems are caused by bad passwords. A weak password can allow hackers to infect your computer with viruses, to access your personal information, or to send spam from your e-mail account. If hackers can guess your user name and password, you might as well have just given them your wallet and the keys to your room. The easiest way to protect your computer and data is to have a strong password.

How to Create a Password with Some Anti-Hacker Muscle

The more of these features you use, the harder your password will be to crack!

NOTE: Not all systems can support case sensitivity, special characters, or long passwords. In these cases, it's even more important to use a mix of alphabetic and numeric characters and to avoid words and names.

Suggestions for a Strong Password

1) Use the first letter of each word from a line in a book, song, or poem.

• For example: “Who ya gonna call? Ghost Busters!” becomes “Wygc?GB!”

2) Use numbers, letters, and punctuation to create an imaginary vanity license plate password.

• For example: T1me#0ff,  1H8sn0w

NOTE: Do not use these examples as your password.

Additional Pointers on How to Keep Your Password Safe

Do not use the same password for everything. Use a few different ones. For instance, be sure not to use the same password for an unofficial, casual, or uncritical service (such as free online games) as you use for more critical services (such as online banking). Please use a different password from your UR passwords for non-UR services to prevent outsiders from gaining access to UR systems. You may find it helpful to think in terms of two kinds of passwords: your "outside" password for use at remotes web sites and your "inside password" for use on UR systems.

Never write your password down.  If you can't remember it, then it's not a good password.

Never share your password with others. You wouldn't share your toothbrush or your underwear with a friend, so why share your password?

Do not allow websites to "remember" your password. Take the extra five seconds to type it in each time you visit a website--it's worth it!

Log out every time you access your personal accounts. Be sure to log out of your personal accounts, such as online bill payment systems, UR e-mail, and even Facebook, especially when you are using public access computers. This will ensure that the next user does not have access to your accounts or browsing history.

Change your password regularly. Unlike keys or an ATM card, your password does not have to be physically taken to be copied, and it's unlikely you'll know when your password has been stolen.

Be careful not to type your password into the wrong field. A common error is typing your password in the user name field instead of in the password field. Not only can people around you see your password on the screen, but your password could also be saved in a system log so that it automatically pops up when someone types in the first letter or number of your password.

Make sure that any website which requires your password is protected by Secure Sockets Layer (SSL). Look for the web address to being with https: or for a yellow lock icon to be located in the browser. These sites encrypt data in order to securely transmit private information such as credit card numbers.

More information

GeodSoft: Good and Bad Passwords

Back to top

Text | Directory | Index | Contact | Calendar | News | Giving

©Copyright 1999 -- 2006 University of Rochester