Search Google Appliance


News

Password Security
Author: Michelle Malkasian, Office of Information Technology
Posted: December 11, 2013

Having a strong password is an extremely important step in keeping your personal information and finances safe. When passwords are compromised, the effects can be devastating. One cracked password can often give criminals access to a wealth of sensitive information. Criminals who gain access to your account at PSU, for example, may be able to use your information to perpetuate financial aid fraud or change direct deposit settings to siphon away funds. Furthermore, many people use identical or similar passwords for many of their accounts, meaning that a criminal may have a much easier time cracking your other passwords when they figure out one of them.

When choosing a password, your goal should be to make it as difficult as possible for anyone to guess, whether through an educated guess or password cracking program. Hackers have programs that can automatically guess thousands of passwords every second, so the longer and more complex your password is, the more trouble the programs will have discovering it. Even criminals with minimal skills can easily crack a weak password if they have the right tools.

The best passwords are hard for automated programs to crack, but easy for you to remember. Here's a good way for you to start:

  1. Create sentence-length passwords by joining several words together. (Ex: Complexpasswordsarestronger.)
  2. Vary the capitalization of your characters. (Ex: CompleXPasswordSareStrongeR.)
  3. Substitute letters with special characters and numbers to create phrases that you will remember but will be difficult for criminals to crack (Ex: C0mpleXP@55w0rdS@re5tr0ng3R.)

The Office of Information Technology (OIT) recommends that you follow these guidelines to create strong, complex passwords:

  • Use 12 or more characters.
  • Use both lowercase and uppercase letters.
  • Include at least one number.
  • Do not use words that appear in any dictionary.
  • Do not use passwords you've used for other accounts.
  • Use acronyms of quotations important to you. (Ex. "So long and thanks for all the fish!" can become sLaTfAtF!)

Once you've created a password, you can check its strength using Microsoft's Password Checker. Make sure to use a different password for each account and change them regularly. This ensures that even if one is discovered, the rest of your accounts will be safe. If you'd like a little help, you can use a password manager to keep track of all your passwords, allowing you to remember just one master password. For more information on choosing a good password manager, visit The secret to online safety: Lies, random characters, and a password manager. A good password manager is one that you can use every day, on every device.

Finally, avoid accidentally sharing your password. Don't leave it written down anywhere, either on paper or in an unencrypted file on your computer--the strongest password is useless if someone can simply read it off a scrap of paper or find it in a Word document. You should also never tell someone your password, including Office of Information (OIT) employees at PSU. If you ever suspect that someone may have figured out your password, change it immediately. At PSU, you can change your Odin account password quickly by going to oam.pdx.edu.

Your password is the key to your digital security--not just at PSU, but for every account you have. By keeping them strong, changing it often, and avoiding accidental sharing, you can make sure that your private information stays private and out of the hands of criminals.

--------------
Photo attribution: [Mike @ Flickr]