Passwords and Securing Your Accounts

A secure password is the first line of defense against any kind of account compromise: removing the ability to guess or brute-force the password eliminates the origin of many hacking attempts. The IC requirements for secure passwords (letters, numbers, and punctuation) can be accomplished in surprisingly easy ways that also add further layers of security. When at all possible, we strongly recommend using different passwords for every site; that way, if one is compromised, the others remain secure.
Instead of placing all three requirements next to each other (say, “pikachu!123”), one recommendation is to replace letters in the dictionary word with similar-looking symbols or numbers (“p1k@chu”), which may look relatively close to internet “leet-speak.” This further secures your passwords by eliminating the dictionary word, as some brute-force password guessers operate by cycling through dictionary words.
Another suggestion is to eliminate the use of dictionary words altogether. Some password creators generate random strings of characters that are hard to memorize; a way to create your own password that is easy to memorize is to build an initialized passphrase. Say, for example, that your favorite song is Carly Rae Jepsen’s “Call Me Maybe.” If you abbreviate the first two lines of the chorus (“Hey, I just met you, and this is crazy”) to “hijmyatic” and substitute some characters for a number/symbol equivalent (“h1jmy@7ic”), the password is harder to guess than a simple dictionary word.
One way to further secure such a password is to capitalize letters – you can capitalize randomly, the first word of each line, or any way you wish. Another method that may be harder to commit to memory is to use a song that you don’t like as much, making it harder to guess by people who know you. Say, for example, that your least favorite song is Carly Rae Jepsen’s “Call Me Maybe…”
Visit http://www.ithaca.edu/icinfosec/passwords/ for more information!
For even more NCSAM tips follow us: facebook.com/ICInfosec | twitter.com/IC_infosec