The following information will provide specifics on how users can create strong, secure, memorable passwords for each of their accounts.
How to Create Strong Passwords
- Avoid the Obvious: Don't use any personal information in your password that can be found on a publicly accessible space such as an Internet search engine or social media. This includes pet names, birthdays, child names, street address, etc. Additionally, don't use easy to guess passwords such as "123456", "qwertyuiop" or "p@$$w0rd". cc
- Never Share Your Password: When you share your password, you are sharing all of your account details with that person as well. Each person that has access to your account is another avenue for you to be attacked. Others who have access to your account could change the password and prevent you from accessing your account information.
- Don't use Dictionary Words or Common Substitutions: A combination of words, especially if they grammatically go together is not a strong password. Additionally, many password crackers are familiar with common substitutions such as "@" for "a" and "0" for "o".
- Stretch it Out: CMU passwords should be a of 8-characters long, however the longer the password the more secure it becomes.
- Mix it Up: Add a combination of uppercase and lowercase letters, numbers, and symbols to add variety to your passwords.
- Add Emoticons: Use symbols tht resemble smiley faces to add complexity to your passwords :)
- Use Random Words that Don't Belong Together: This method does not follow the traditional password advice of not using dictionary words. Instead, use four random words and string them together to create a passphrase that involves multiple words. The most important thing to remember is that the words need to be random and grammatically don't go togehter. Add in numbers and symbols to make it more secure.
- Example: mollusk2-conspire0-subtract1-needy9
- Use Two-Factor Authentication: Two-factor authentication adds another layer of defense for your information. 2FA requires that someone provide multiple pieces of information as authentication besides just your password in order to log in to the account. CMU has a two-factor authentication solution through DUO Security.
- Install a Password Manager: Using the automatic logon by checking "Remember Me" is not a password manager. If your system is physically accessed by someone else, he or she would have easy access to your accounts. Password managers generate strong, unique passwords for each of your accounts and store them in an encrypted vault. You only need to remember one strong, unique master password to access all of your passwords.