Why?security: UVM's Information Security Operations Team answers "Why?"

Please don’t make me change my password. It’s the one I use everywhere.

Passwords serve to protect our privacy, our financial well-being, our reputations and even our identities.  Often, a password is all that stands between us and catastrophe.

Choosing a password: A good password is easy to remember, hard to guess or crack, and for UVM accounts, changed at least once a year (every 120 days for College of Medicine accounts).  Here are some ideas for picking a password:

  • Use the first letters of the first 8+ words to a song, poem, or passage from a book
  • Use the first letters, numbers, and symbols from a phrase you make up
  • Make up a nonsense phrase, even one that contains dictionary words, as long as you use 3 or 4 words and punctuation
  • Use a password generator [1]
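The nonsense-phrase idea above can be sketched as a small generator. This is an added example, not part of the original post and not the code behind the generator linked at [1]. The word list and punctuation set are constructed samples, and the function names are assumptions chosen for illustration.

```python
import math
import secrets

# Constructed sample list so the block runs offline. It is far too small for
# real use: a real generator draws from a list of thousands of words.
SAMPLE_WORDS = [
    "maple", "river", "candle", "orbit", "velvet", "thunder", "pickle", "lantern",
    "gravel", "saddle", "harbor", "tulip", "walnut", "comet", "ribbon", "anchor",
]
PUNCTUATION = "!?-_.:;+"  # constructed set of 8 separators


def entropy_bits(wordlist_size, n_words, punct_choices=0):
    """Bits of entropy when each word and separator is picked uniformly at random.

    This only holds for machine-picked words; a phrase a person makes up
    is less random than the formula suggests.
    """
    bits = n_words * math.log2(wordlist_size)
    if punct_choices:
        # One separator between each pair of adjacent words.
        bits += (n_words - 1) * math.log2(punct_choices)
    return bits


def make_passphrase(words, n_words=4, punctuation=PUNCTUATION):
    """Join n_words random words with random punctuation between them."""
    if n_words < 3:
        raise ValueError("use at least 3 words")
    if len(set(words)) != len(words):
        raise ValueError("word list contains duplicates")
    parts = []
    for i in range(n_words):
        # secrets uses the operating system's CSPRNG; random.choice is not
        # suitable for generating passwords.
        parts.append(secrets.choice(words))
        if i < n_words - 1:
            parts.append(secrets.choice(punctuation))
    return "".join(parts)


if __name__ == "__main__":
    print(make_passphrase(SAMPLE_WORDS))
    print("sample list, 4 words + punctuation:",
          entropy_bits(len(SAMPLE_WORDS), 4, len(PUNCTUATION)), "bits")
    print("2048-word list, 4 words + punctuation:",
          entropy_bits(2048, 4, len(PUNCTUATION)), "bits")
```

The entropy figures show why list size matters: four words from the 16-word sample give far fewer possibilities than four words from a 2048-word list, even though the phrases look similar.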

Different passwords everywhere: Using the same password for everything?  You shouldn’t. One password means that a single key unlocks your entire kingdom. Keep your passwords different and never re-use your UVM credentials for outside accounts. Instead, come up with a password formula known only to you that helps you keep your password unique yet easy to remember.

Microsoft [2] offers this sensible advice: “Don’t use the same password for everything. Cybercriminals steal passwords on websites that have very little security, and then they use that same password and user name in more secure environments, such as banking websites.”  You’ve probably seen news reports of sites like Yahoo, LinkedIn, and Twitter being compromised and passwords stolen; it happens both to major sites and to many smaller ones we never see in the news.  If we don’t use different passwords, we expose ourselves — and those whose sensitive information we have access to — to significant risk.

Securing the Human [3] and Lifehacker [4] are good sources for ideas about choosing and managing passwords.

[1] http://preshing.com/20110811/xkcd-password-generator

[2] http://www.microsoft.com/security/online-privacy/passwords-create.aspx

[3] http://www.securingthehuman.org/newsletters/ouch/issues/OUCH-201105_en.pdf

[4] http://lifehacker.com/5830355/xkcd-password-generator-creates-high+security-easy+to+remember-passwords

Published by Dean

Dean Williams is UVM's information security officer.
