Password security
Your passwords are the keys to your accounts, devices, and data. Accounts that use weak passwords are a common target for cyber criminals. Even very complex passwords can be a weakness if you do not follow best practices to keep them secure.
Quick tips
- Use a different password for every account. If a hacker gains access to your username and password on one site, they will try to use it to access other websites.
- Use complex passwords or passphrases. Short passwords, or passwords based on a single dictionary word or name, are far easier to crack. Advice on creating a complex password you can remember can be found below.
- Only store your passwords in a secure location. With a different complex password for every account it can be difficult, or impossible, to remember them all. One solution you should consider is an encrypted password manager.
- Never share your password with anyone. A shared password is a compromised password.
- Always change provided or default passwords. If you receive a new account or network-enabled device, and the password is provided or set to some default value, always change it immediately.
- Never enter your password on a public computer. Shared computers, such as those found in libraries or hotels, can easily be infected with malware. In these cases everything you do on that computer can be collected by cyber criminals, including any usernames and passwords you enter.
- Make sure you are on a trusted website before entering your password. Phishing messages with links to malicious websites are often used by cyber criminals to collect usernames and passwords. More information on this type of attack can be found on our Recognizing Phishing page.
Online course
A short online course is available for faculty, staff and students. Please visit the respective pages to access the course.
Faculty and staff - Staff IT Training site.
Students - Student IT Training site.
One way to create a complex password you can remember
1. Think of a phrase, maybe a line from a song or poem. Something more obscure is better.
twinkle twinkle little star
how I wonder what you are
2. Take the first one or two letters from each word and string them together.
twinkle twinkle little star
how I wonder what you are -> ttlshiwwya
3. Capitalize some letters. Here we chose the letter from the last word of each line.
ttlshiwwya -> ttlShiwwyA
4. Insert or substitute a few numbers. Here we added a '2' between each double letter, and replaced the i with a % symbol.
ttlShiwwyA -> t2tlSh%w2wyA
Be sure to come up with your own password. Now that this one has been published, it is no longer a good password.
Another way to create a complex password you can remember
1. Pick 4 (or so) words. They can be a phrase, but unrelated words are better.
before excess bold claims
2. String them together, either without spaces, or with a separator.
beforeexcessboldclaims
3. If necessary, add some capital letters, numbers, and/or special characters to meet complexity requirements. As this password should already be quite good, making just enough changes to meet the requirements should be sufficient. So if the requirements are one lower case, one upper case, one number, and one special character, you might do something like this.
Beforeexcessbold#claim5
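The three steps above as a short Python sketch (an added example, not part of the original page). It goes one step further than the text by picking the words with a cryptographic random generator instead of by hand, then makes only the changes needed for the stated requirements and reports how much entropy the word choice provides. The word list, the function names, and the set of special characters are assumptions made for illustration.

```python
import math
import secrets
import string

# Constructed sample list for illustration only. Use a large published
# word list in practice: a bigger list means more entropy per word.
WORDS = ["before", "excess", "bold", "claims", "harbor", "window", "marble",
         "tunnel", "orbit", "velvet", "cactus", "ladder", "pepper", "quartz",
         "river", "sunset"]

SPECIALS = "#%!-_"  # assumed set; adjust to what the site accepts


def pick_words(count=4, words=WORDS):
    """Step 1: choose unrelated words with a cryptographic RNG."""
    return [secrets.choice(words) for _ in range(count)]


def meets_requirements(password):
    """One lower case, one upper case, one number, one special character."""
    return (any(c.islower() for c in password)
            and any(c.isupper() for c in password)
            and any(c.isdigit() for c in password)
            and any(c in string.punctuation for c in password))


def build_passphrase(chosen):
    """Steps 2 and 3: join the words, then make just enough changes."""
    chosen = [w.lower() for w in chosen]
    chosen[0] = chosen[0].capitalize()        # one upper case letter
    head = "".join(chosen[:-1])
    special = secrets.choice(SPECIALS)        # one special character
    digit = secrets.choice(string.digits)     # one number
    return f"{head}{special}{chosen[-1]}{digit}"


def entropy_bits(count=4, list_size=len(WORDS)):
    """Bits of entropy from the random word choice alone."""
    return count * math.log2(list_size)


if __name__ == "__main__":
    phrase = build_passphrase(pick_words())
    print(phrase, meets_requirements(phrase))
    print(f"{entropy_bits():.1f} bits from 4 words out of {len(WORDS)}")
    # 7776 = 6^5, the size of a five-dice word list
    print(f"{entropy_bits(4, 7776):.1f} bits from 4 words out of 7776")
```

The entropy figures show why the size of the word list matters: four words from the 16-word sample give only 16 bits, while four words from a 7776-word list give about 51.7 bits.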
Other advice on creating strong passwords
- Creating Strong Passwords - eff.org
- How To Choose Safe Passwords - popsci.com
- correcthorsebatterystaple - xkcd.com
Password managers
Remembering complex passwords for every site you access is difficult, if not impossible. One potential solution is to use a password manager. A password manager is an encrypted database of your usernames and passwords. These systems allow you to use long random passwords for all your accounts, making them difficult to crack. More information on password managers can be found in the Security Software section.
Join the discussion
A Yammer group has been created for AU Team Members to discuss cybersecurity related topics. Please join the discussion.
Yammer Cybersecurity Awareness Group
Updated July 06, 2021 by Digital & Web Operations, University Relations (web_services@athabascau.ca)