Carnegie Mellon University
May 06, 2019

World Password Day!

Thursday, May 2nd was World Password Day! Password Day falls on the first Thursday in May each year and is intended to raise awareness of password best practices and the need for strong, unique passwords.

Passwords are often the only thing standing between an attacker and your smartphone, PC, Wi-Fi network, social media accounts, payment platforms, and your AndrewID account. It seems like we all have more passwords with each passing year: nearly every website requires an account, and most of us use dozens of them every day. At the same time, the computing power available for cracking passwords keeps growing (a single consumer GPU can test billions of guesses per second against a weakly hashed password), and massive data breaches keep exposing usernames and passwords to the world at large. Taking a few precautions now goes a long way toward protecting your accounts and personal information from this growing set of threats.

You can limit your exposure to these risks by adhering to the following password management best practices:

  • Keep it Unique
    • Create a unique password for each account, built from a combination of words, numbers, symbols, and both upper- and lower-case letters.
  • Implement Long Passphrases
    • Passphrases are easier to remember than a random string of letters and symbols. Complexity matters, but length combined with complexity is a force multiplier: every extra character multiplies the number of guesses an attacker has to make. A passphrase can be a line from a song or a random memorable sentence like “little yellow duck dance”. It can then be strengthened by adding numbers, symbols, and mixed case, for example “L!ttle Yell0w Duck D4nce”. Keep in mind that the most common substitutions (0 for o, ! for i, 4 for a) are built into every password-cracking rule set, so they add less strength than they appear to; adding another word adds more.
  • Don't Make it Obvious
    • Birthdays and the names of family members or pets are easy for an attacker to infer from your social media posts. Common passwords like “123456” and “password” top every list of breached credentials and are the first guesses any attacker tries.
  • Use Two-Factor Authentication
    • Two-factor authentication (2FA) adds another layer of security to your accounts. In addition to the username and password, you confirm your identity with a one-time code sent to your mobile device or generated by your personal DUO Keyfob token. With two-factor authentication, guessing or cracking the password alone is not enough for an attacker to gain access. For information on 2FA at CMU, check out the Authentication Services web page. If you're interested in using a DUO Keyfob hardware token, please let us know and we can provide you one!
  • Use a Different Password for Each Account
    • The problem with reusing the same username and password across sites is that once one site is breached, attackers try the leaked credentials everywhere else (this is called credential stuffing), so a single breach exposes every account that shares the password.
  • Use a Password Manager
    • Complex passwords can be hard to remember. This is where password managers like LastPass, 1Password, and KeePass come in handy. They store all of your passwords in an encrypted vault that is unlocked by a single master password, so that is the only one you need to remember, and they can generate a long random password for each new account. Make the master password a long passphrase you use nowhere else, and turn on 2FA for the manager itself where it is offered.
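To make the "length combined with complexity" point concrete, here is an added example (it is not part of the original post or any CMU tool) that scores a few candidate passwords two ways: the brute-force bound an attacker faces if all they know is which character classes appear, and the much smaller bound a passphrase of plain dictionary words faces against an attacker who guesses whole words. The guess rate of 10 billion per second, the 7776-word dictionary size, and the tiny blocklist are all assumptions made for the example.

```python
import math
import string

# Constructed stand-in for a breach-derived blocklist; a real check would use a large corpus
# such as the Have I Been Pwned "Pwned Passwords" set.
COMMON_PASSWORDS = {"123456", "password", "qwerty", "12345678", "letmein", "p@ssw0rd"}

# Assumed attacker speed: roughly what a few consumer GPUs manage against a fast, unsalted hash.
GUESSES_PER_SECOND = 1e10

# Assumed size of the word list a passphrase is drawn from (the Diceware list has 7776 words).
WORDLIST_SIZE = 7776


def charset_size(pw: str) -> int:
    """Size of the alphabet an attacker must search if all they know is which
    character classes (lower, upper, digits, symbols, space) appear in pw."""
    classes = [
        (string.ascii_lowercase, 26),
        (string.ascii_uppercase, 26),
        (string.digits, 10),
        (string.punctuation, 32),
        (" ", 1),
    ]
    return sum(size for chars, size in classes if any(c in chars for c in pw))


def bruteforce_bits(pw: str) -> float:
    """Upper bound: log2 of the keyspace charset_size(pw) ** len(pw)."""
    n = charset_size(pw)
    return len(pw) * math.log2(n) if n else 0.0


def wordlist_bits(pw: str, wordlist_size: int = WORDLIST_SIZE) -> float:
    """Lower bound for a phrase of dictionary words: the attacker guesses whole words,
    so the keyspace is wordlist_size ** (number of words)."""
    words = pw.split()
    return len(words) * math.log2(wordlist_size) if words else 0.0


def crack_seconds(bits: float, rate: float = GUESSES_PER_SECOND) -> float:
    """Expected time to hit the password: half the keyspace at `rate` guesses per second."""
    return 2 ** bits / 2 / rate


def human_time(seconds: float) -> str:
    """Render a duration in the largest convenient unit."""
    for unit, size in (("years", 31_557_600), ("days", 86_400), ("hours", 3_600), ("minutes", 60)):
        if seconds >= size:
            return f"{seconds / size:,.1f} {unit}"
    return f"{seconds:.3g} seconds"


def assess(pw: str) -> dict:
    """Both bounds for pw. Blocklisted passwords fall on the first few guesses and get no credit.
    The word-based bound only makes sense for a multi-word phrase, so it is None otherwise."""
    if pw.lower() in COMMON_PASSWORDS:
        return {"verdict": "blocklisted", "brute_bits": 0.0, "word_bits": 0.0}
    multi_word = len(pw.split()) > 1
    return {
        "verdict": "ok",
        "brute_bits": round(bruteforce_bits(pw), 1),
        "word_bits": round(wordlist_bits(pw), 1) if multi_word else None,
    }


if __name__ == "__main__":
    for pw in ("Password", "Xk9$mQ2!", "little yellow duck dance", "L!ttle Yell0w Duck D4nce"):
        r = assess(pw)
        brute = f"{r['brute_bits']:6.1f} bits ({human_time(crack_seconds(r['brute_bits']))})"
        words = "n/a" if r["word_bits"] is None else (
            f"{r['word_bits']:5.1f} bits ({human_time(crack_seconds(r['word_bits']))})")
        print(f"{pw!r:28} {r['verdict']:11} brute-force {brute}  by-word {words}")
```

The honest figure for a phrase of ordinary words lies between the two bounds: the 24-character phrase beats the 8-character random string on raw length even in the pessimistic by-word estimate only once it has more words, which is why adding a fifth word does more than swapping an o for a 0. The same guess rate applied to "Xk9$mQ2!" shows why eight characters, however complex, is no longer enough.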
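As an added example of why the one-time code in the 2FA item defeats an attacker who has only the password, the following Python shows a server-side check of a time-based one-time password (RFC 6238 TOTP, the scheme authenticator apps use) alongside a salted password hash. This is illustration code written for this page, not CMU's or Duo's implementation (Duo's push and keyfob flows use their own protocol). The secret is the published test secret from RFC 6238, the user record is constructed in memory, and the PBKDF2 round count is an assumed value.

```python
import base64
import hashlib
import hmac
import os
import struct

# Test secret from RFC 6238 Appendix B (ASCII "12345678901234567890"), base32-encoded the way an
# authenticator app receives it. Real secrets are random and generated per user at enrollment.
RFC6238_TEST_SECRET_B32 = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"

PBKDF2_ROUNDS = 100_000  # assumed for the example; tune by measuring your own server


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the big-endian counter, dynamically truncated to `digits`."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(secret_b32: str, at: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP: HOTP with the counter taken from the Unix time in `step`-second slots."""
    return hotp(base64.b32decode(secret_b32, casefold=True), at // step, digits)


def verify_totp(secret_b32: str, code: str, at: int, step: int = 30, window: int = 1) -> bool:
    """Accept the code for the current slot and `window` slots either side to absorb clock drift.
    Each comparison is constant-time so a remote caller cannot learn the code digit by digit."""
    return any(
        hmac.compare_digest(totp(secret_b32, at + drift * step, step), code)
        for drift in range(-window, window + 1)
    )


def make_user(password: str, totp_secret_b32: str) -> dict:
    """Constructed in-memory user record: salted PBKDF2 password hash plus the enrolled TOTP secret."""
    salt = os.urandom(16)
    return {
        "salt": salt,
        "pw_hash": hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS),
        "totp_secret": totp_secret_b32,
    }


def authenticate(user: dict, password: str, code: str, at: int) -> bool:
    """Both factors must check out. Both are always evaluated, so a wrong password and a wrong
    code take the same time, and a stolen or cracked password on its own is rejected."""
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), user["salt"], PBKDF2_ROUNDS)
    password_ok = hmac.compare_digest(candidate, user["pw_hash"])
    code_ok = verify_totp(user["totp_secret"], code, at)
    return password_ok and code_ok


if __name__ == "__main__":
    import time

    user = make_user("little yellow duck dance", RFC6238_TEST_SECRET_B32)
    now = int(time.time())
    current_code = totp(RFC6238_TEST_SECRET_B32, now)
    print("password + current code :", authenticate(user, "little yellow duck dance", current_code, now))
    print("password alone          :", authenticate(user, "little yellow duck dance", "000000", now))
    print("code alone              :", authenticate(user, "hunter2", current_code, now))
```

The one-step acceptance window is the usual trade-off between tolerating phone clock drift and shrinking what a captured code is worth; a real deployment would also record the last accepted slot so the same code cannot be replayed inside that window.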