Treat your
password
like your
toothbrush

Choose a good password

Your password is the key to your data and should be nearly impossible for someone to figure out. Choosing a secure password is paramount for keeping your data secure.

Strategies for creating a good password

• Create a password that is easy to remember.
• Create a password that you don’t have to write down.
• Make the password at least 8 characters long.
• Create a password that you can type quickly.
• Create a password that is a random mix of letters, digits, and punctuation.

Pro Tip - select a phrase that's easy to remember and turn it into a password by using the first letter of the words using UPPERCASE and lowercase letters, add some special characters, and use some numbers in place of letters. These are called passphrases. Be creative. Here are some examples:

• It's great to be an Auburn tiger = igr82baAUt!
• I was born at East Alabama Medical Center = myDay0@EAMC
• Coca-cola is not equal to Pepsi, Pepsi for the win = c!=p,P3psi4tw

Things to avoid when choosing a password

There are specific things you should avoid when choosing a password, including the following:

• Names of any kind. These include your username, your first or last name in any form, or your spouse's or child's name.
• Any kind of easily obtained information. This includes your your address, birthdays, license plate numbers, telephone numbers, etc.
• Sensitive information. This includes your ATM PIN, Banner ID, Social Security Number, or credit card number.
• Words contained in English or foreign language dictionaries. These include obvious words such as “secret” or “password” or “abc123," etc.

Remember, it is part of your responsibility to create a strong password. For maximum security, always take extra precautions when creating a password so that sophisticated crackers cannot acquire your personal information.

Never share it with anyone

Do NOT share your password with others. Don’t give your password to anyone, including your friends, your boss, a computer repair person, etc. Don’t write them down and keep them at your desk (even on a post-it under your keyboard - yes, I'm talking to you). Don't keep passwords in an unprotected file on your computer.

Password Security

A social engineer is a person who will try to manipulate a computer user by using trust rather than exploiting computer security holes. Be aware of anyone who wants to log on to your machine to send a quick email or anyone who claims to be an administrator and requests a password for various purposes.

Never send your password through email. A new trick that hackers use is to try to get people to give away their passwords and other personal information through email. Reputable companies will never ask you to send a password through email. If you receive such a request, verify the company's real phone number or email address and notify them immediately by phone or through their website.

Phishing Scams

A phishing scam is when someone attempts to acquire your personal information by pretending to be a trustworthy entity in an electronic communication. Every day 80.000 people fall for a phishing scam and voluntarily give away their personal information, including their passwords, to a criminal.

Phishing warning signs

• Non-personalized greeting
  Phishing messages usually do not address you by name, but use a generic greeting, such as "Dear User" or "Dear Customer."
• Urgent/Threatening language
  Threatening language such as "Your access will be revoked if you do not..." or "Your account will be terminated if you do not..." is often used to elicit a response from you.
• URLs don’t match and are not secure
  If an email has a link, be cautious. If you're not on a touch device, hover over the link with your mouse. Does the URL displayed match what you're expecting? Never log into a website that's not secure -- look for "https://."
• Poor grammar/misspellings
  The largest propagators of phishing attacks are from Russia and China where English is not their first language. Use this to your advantage by spotting poor grammar and misspellings as a red flag.
• Subject matter does not relate
  For example, if you don't bank at Wells Fargo, don't fall for a phishing message "from" Wells Fargo.
• Request for personal information
  The telltale sign of a phishing message is the request for personal information. Legitimate institutions should never ask for your personal information via email.

Change it every 3-6 months

A strong password is one that you change on a regular basis. A good practice is to change your password at least every three to six months.

There are several reasons for this. First, passwords are often stolen without the knowledge of the victim, and stolen passwords often aren't used immediately. They're collected, sold to organized crime, rebundled and resold, and left unused for some time. Even if you're not aware your password was stolen, if you change it periodically you may change it before a thief has an opportunity to use it. Second, computers are always getting faster. It's possible to guess your password through sheer persistent computer effort. With current technology, this takes months if you have a strong password. If you change your password every six months, any brute force attack that takes longer is ineffective.

Has your account been compromised?

Your account may have been compromised at no fault of your own. Data breaches occur every year and some expose the login credentials of hundreds of millions of customers. See if your account has been compromised by a known data breach exposure list at "Have I Been Pwned."

Managing passwords

Can't remember all your passwords? Try using a password manager. Here's an article that compares numerous free products in the market: PC Mag: The Best Free Password Managers of 2016.