Tips for Producing Strong Passwords
When hackers broke into the University of Central Florida’s computer systems earlier this year, they gained access to social security numbers, financial records, and medical information of 63,000 students, alumni, and faculty members.
Unfortunately, hacking university databases is a trend that is on the rise. From 2006 to 2013, 550 universities reported some kind of data breach. Because many security breaches are the result of weak passwords, Embry-Riddle Aeronautical University is increasing efforts to keep student and faculty information safe by improving security systems and encouraging the use of strong passwords.
According to the 2016 Verizon Data Breach Investigations Report (DBIR), 63 percent of confirmed data breaches involved weak, default, or stolen passwords. Embry-Riddle Information Security Analyst Mike Peterson said that many breaches occur when passwords are under eight characters or re-used across many systems. Weak passwords make it easier for hackers to steal information and compromise entire databases filled with personal data.
With a goal of moving away from eight-character password systems, Embry-Riddle is taking steps to protect students’ private information. However, it’s still important for students to take action and create strong passwords for their personal accounts.
“By increasing the minimum length, we've reduced the chances that people will reuse personal passwords on Embry-Riddle systems,” Peterson said, adding that the system no longer allows many common passwords that can be found in the dictionary and are commonly targeted by hackers.
Another rule of thumb when selecting a password is to change it regularly and stay away from dictionary words, said Dr. Remzi Seker, professor of electrical, computer, software and systems engineering at the Daytona Beach campus.
“The password needs to be complex and changed regularly in order to alleviate brute-force attacks,” Seker said. “Using dictionary words as a password could mean a bot could just try dictionary words automatically and have access to the system. One simple example for setting passwords is to think of a long sentence and use a rule to pick letters from every word, then add some numbers.”
Here are tips from Embry-Riddle’s IT and Cybersecurity experts for creating strong passwords:
Use a minimum of 12 characters
The standard eight-character password has made it easier for hackers to guess passwords because they know to target eight-character combinations in brute-force attacks. Each additional character multiplies the number of possible combinations, exponentially increasing the difficulty of cracking a password. When it comes to passwords, the longer the better.
Mix it up
Include a mix of symbols, capital letters and lowercase letters. Avoid names, places, dictionary words and common word combinations. Using common words and phrases opens up passwords to dictionary-based attacks.
Never reuse the same password
Creating and remembering multiple passwords can be a challenge, but each service and system should have a different password to prevent security breaches. Use a password generator to create secure passwords and a password manager in which to store them.
Use a password manager
With so many services and systems in use, it can be difficult to remember passwords. Embry-Riddle security experts suggest using password managers like LastPass or 1Password to store your passwords for you. By using a password manager, users will only need to remember a master password to access stored passwords for various platforms. While nothing is ever 100 percent secure, Peterson said that the risk associated with the re-use of weak credentials across multiple sites and services was far greater than the risks associated with the use of a password manager. Like all passwords, the password used for a password manager should be as unique, long, and complex as possible.
“The problems with trying to remember every password associated with every account are much, much worse than the fears surrounding storing all your passwords in one location,” Peterson said.
Enable Two-Factor Authentication
Two-factor authentication is a method of confirming a user’s identity through two different log-in components. Two-factor authentication can include biometrics, tokens, or SMS messages sent to your phone. Two-factor authentication should be enabled wherever possible, as it is much harder for an attacker to gain access to both forms of authentication.
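The tips above (12-character minimum, a mix of character classes, no dictionary or common passwords) and Seker's sentence rule, as an added example in Python that is not part of the article or of any Embry-Riddle system. The banned-word lists and the 95-symbol printable-ASCII alphabet are constructed assumptions for illustration.

```python
import math
import string
from typing import List

# Policy values taken from the tips in the article.
MIN_LENGTH = 12
MIN_CLASSES = 3  # assumption: at least three of lower/upper/digit/symbol

# Constructed sample lists; a real deployment would load much larger ones.
COMMON_PASSWORDS = {"password", "123456", "qwerty", "letmein", "welcome1"}
DICTIONARY_WORDS = {"sunshine", "football", "dragon", "monkey", "princess"}


def check_password(pw: str) -> List[str]:
    """Return the list of policy violations; an empty list means it passes."""
    problems = []
    if len(pw) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    classes = [
        any(c.islower() for c in pw),
        any(c.isupper() for c in pw),
        any(c.isdigit() for c in pw),
        any(c in string.punctuation for c in pw),
    ]
    if sum(classes) < MIN_CLASSES:
        problems.append(f"uses fewer than {MIN_CLASSES} character classes")
    lowered = pw.lower()
    if lowered in COMMON_PASSWORDS:
        problems.append("is a commonly used password")
    # Catch a single dictionary word dressed up with digits or symbols
    # (e.g. "Sunshine2016!"): strip non-letters and compare to the word list.
    core = "".join(c for c in lowered if c.isalpha())
    if core in DICTIONARY_WORDS:
        problems.append("is a dictionary word with simple padding")
    return problems


def sentence_rule(sentence: str, suffix: str) -> str:
    """Seker's suggestion: pick a letter from every word of a long sentence
    by a fixed rule (here, the first letter, keeping its case) and append
    some digits. The result should still be run through check_password."""
    return "".join(w[0] for w in sentence.split() if w[0].isalnum()) + suffix


def keyspace_bits(length: int, alphabet_size: int = 95) -> float:
    """Guessing work, in bits, for a uniformly random password of this length.
    Every extra character adds log2(alphabet_size) bits, which is why moving
    from 8 to 12 characters raises the brute-force cost exponentially."""
    return length * math.log2(alphabet_size)
```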