Building a Better Password

Create Complex Passwords

Whenever you create a new password, make sure it’s complex. That means it should contain a mix of uppercase and lowercase letters, numbers, and special characters. It should also be something that is not easy to guess or to find out about you online, such as your birthday, anniversary, pet’s name, or school mascot. You should also avoid repeated or sequential numbers or letters such as ‘aaaa’ or ‘5678’.

Another way to increase the complexity is to use a passphrase instead of a password. Instead of a single complex word or jumble of letters, a passphrase contains multiple words, whether real or nonsensical. Those words can be random, or they can form a sentence. Passphrases can also contain spaces, which significantly increases their strength. According to useapassphrase.com, the password ‘wareagle!’ would take less than 1 second to crack. But by adding a space and making it ‘war eagle!’, the cracking time increases to an hour. Neither of these examples is truly complex enough to protect your data, but one is clearly stronger than the other.

Passphrases can also be complex even if the individual words are not. You still don’t want to use easily guessable words, like your pets’ names, but you can use real words that are meaningful to you. For instance, those Auburn fans who witnessed the 2013 Iron Bowl could set their password as ‘1 second 109 yards’, and useapassphrase.com estimates that it would take 25 centuries to crack. There are many ways to make a complex password – you just have to find the one that works for you.
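The rules in this section written out as a checker, added here as an illustration and not code from the original page. The run length of 4 for repeated or sequential characters, the 12-character minimum from the next section, and the three-word threshold for treating an input as a passphrase are assumptions; the personal-information list is supplied by the caller.

```python
import string

RUN_LENGTH = 4       # assumed: 'aaaa' and '5678' are four-character runs
MIN_LENGTH = 12      # from the "Use 12 or More Characters" section
PASSPHRASE_WORDS = 3 # assumed: three or more space-separated words is a passphrase


def has_repeated_run(pw: str, n: int = RUN_LENGTH) -> bool:
    """True if any character repeats n or more times in a row (e.g. 'aaaa')."""
    return any(pw[i] * n == pw[i:i + n] for i in range(len(pw) - n + 1))


def has_sequential_run(pw: str, n: int = RUN_LENGTH) -> bool:
    """True if n consecutive letters or digits step by exactly +1 or -1
    in code point (e.g. '5678', 'abcd', 'dcba')."""
    for i in range(len(pw) - n + 1):
        chunk = pw[i:i + n]
        if not (chunk.isdigit() or chunk.isalpha()):
            continue
        steps = {ord(b) - ord(a) for a, b in zip(chunk, chunk[1:])}
        if steps == {1} or steps == {-1}:
            return True
    return False


def character_classes(pw: str) -> set:
    """Which of the four classes the page asks for are present."""
    classes = set()
    for ch in pw:
        if ch.islower():
            classes.add("lower")
        elif ch.isupper():
            classes.add("upper")
        elif ch.isdigit():
            classes.add("digit")
        elif ch == " " or ch in string.punctuation:
            classes.add("special")
    return classes


def check_password(pw: str, personal_terms=()) -> list:
    """Return the list of rule violations; an empty list means it passes."""
    problems = []
    if len(pw) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    # A multi-word passphrase is allowed to be made of plain words.
    if len(pw.split()) < PASSPHRASE_WORDS:
        missing = {"lower", "upper", "digit", "special"} - character_classes(pw)
        if missing:
            problems.append("missing character classes: " + ", ".join(sorted(missing)))
    if has_repeated_run(pw):
        problems.append("contains a repeated run like 'aaaa'")
    if has_sequential_run(pw):
        problems.append("contains a sequential run like '5678'")
    for term in personal_terms:  # birthday, pet's name, mascot, ...
        if term.lower() in pw.lower():
            problems.append(f"contains personal information: {term!r}")
    return problems
```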

Use 12 or More Characters

You may have heard the phrase, “a long password is a strong password.” Many systems require you to create a password of at least 8 characters. However, the new standard is to have at least 12 characters in your password, with some entities suggesting 16 or more. And as long as you don’t just add ‘1234’ or ‘!!!!’ to the end of your existing password, those 4 additional characters can make a big difference. If you consider a 4-digit PIN for a phone or a debit card, there are 10,000 potential combinations of numbers. If you pick an 8-digit numeric password, it will be 1 of 100,000,000 possibilities. Adding JUST uppercase and lowercase letters gives you more than 2 million times as many combinations. That seems pretty unhackable, but it’s not. There are computers that can run through those 200 trillion variations in less than 30 minutes. But a 12-character password, especially one that uses uppercase and lowercase letters, numbers, and special characters, has over 200 million times as many possible combinations. That’s nearly 300 sextillion available variations.

Now that’s a lot of numbers to try to comprehend, so let’s look at this a little differently. If we talk about this in terms of milliseconds, which are thousandths of a second, 10,000 milliseconds would be exactly 10 seconds, while 100,000,000 milliseconds is a little more than 1 day. Looking at the higher numbers, 200 trillion milliseconds would be over 6 thousand years and 300 sextillion would be around 9.5 trillion years. It’s important to note that a computer running the right program takes a lot less than 1 millisecond to test a password, so eventually even a complex 12-character password could be hacked just by running every combination, but that won’t happen very quickly. You’re doing yourself a favor by adding those extra characters.
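The keyspace arithmetic from the two paragraphs above, worked through in code that is added here and is not part of the original page: it counts the combinations for each case and the worst-case time to try them all at the page’s illustrative rate of one guess per millisecond. The 33-symbol special-character set is an assumption (the page does not say how many it counted); with that 95-symbol alphabet the 12-character row comes out above the page’s "nearly 300 sextillion", which corresponds to an alphabet of about 90 symbols.

```python
# Alphabet sizes for the page's comparison. SPECIALS is assumed: the 32
# printable-ASCII punctuation marks plus the space character.
DIGITS = 10
LETTERS = 26 + 26
SPECIALS = 33

# The page's illustrative rate: one guess per millisecond. Real cracking
# hardware is far faster, so these times are an upper bound, not a promise.
GUESSES_PER_SECOND = 1_000.0


def keyspace(alphabet_size: int, length: int) -> int:
    """Distinct strings of `length` characters drawn from `alphabet_size` symbols."""
    return alphabet_size ** length


def exhaust_seconds(combinations: int, rate: float = GUESSES_PER_SECOND) -> float:
    """Worst case: every combination tried once at `rate` guesses per second."""
    return combinations / rate


def human_time(seconds: float) -> str:
    """Express a duration in the largest unit that fits (year = 365.25 days)."""
    units = (("years", 365.25 * 86_400), ("days", 86_400),
             ("hours", 3_600), ("minutes", 60), ("seconds", 1))
    for name, size in units:
        if seconds >= size:
            return f"{seconds / size:,.1f} {name}"
    return f"{seconds * 1000:.0f} milliseconds"


def compare(rate: float = GUESSES_PER_SECOND) -> list:
    """The four cases the page walks through, as (label, combinations, time)."""
    cases = (
        ("4-digit PIN", keyspace(DIGITS, 4)),
        ("8-digit numeric", keyspace(DIGITS, 8)),
        ("8 chars, letters + digits", keyspace(DIGITS + LETTERS, 8)),
        ("12 chars, letters + digits + specials",
         keyspace(DIGITS + LETTERS + SPECIALS, 12)),
    )
    return [(label, n, human_time(exhaust_seconds(n, rate))) for label, n in cases]


if __name__ == "__main__":
    for label, n, t in compare():
        print(f"{label:40} {n:>30,}  {t}")
```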

Use a LastPass Password Vault

Now that you’re using complex, 12+ character passwords across your accounts, it will probably be difficult to keep track of them all. The good news is that you can simplify your life by signing up for a LastPass password vault. In addition to storing your passwords and security hints, LastPass can also sync across devices, suggest complex passwords, and protect your data behind multi-factor authentication like DUO.

The better news is that Auburn provides free premium LastPass accounts to anyone with an @auburn.edu email address. That brings in features like fingerprint biometric security, granting emergency access to specific people in the event of a crisis, sharing items with several people securely, and having 1 gigabyte of encrypted file storage for scans and images of things like passports and social security cards. With all of that, you only have to remember one password – your LastPass password – so make sure it is as strong as you can possibly make it while still being able to remember it. And beyond that, make sure to turn on multi-factor authentication. Even the strongest password could potentially be hacked, so having that additional authentication method is crucial to fully protecting your information!

Never Share Login Info

Everyone knows that passwords are supposed to be a secret. But surely, it couldn’t hurt to share your Netflix or Amazon Prime account with someone, right? And if you’re busy during your registration time ticket, it would be fine to give your password to someone to register for you, right? WRONG. You should never, ever, under any circumstances share your login information with other people. Once someone writes down your password, whether digitally or on paper, there are countless ways for it to get out to other people.

If there is a reason to grant someone access to an account you own, such as a group project where everyone needs to get into a certain email account, or some account you share with your significant other, then share the credentials through LastPass. As long as you both have accounts set up, you can grant each other access to an account or application without ever having to say or write down the password. You also get to choose whether the people you share with can actually see the password or if it just gets stored in their vaults. And should the need arise, you can revoke that access at any time.

Make Every Account Unique

Even if you never share your login information, that doesn’t mean that bad actors can’t get ahold of your password. And coming up with the world’s most complex password doesn’t do you any good if it gives someone access to every single account you own. Each time you register for something, you need to use a different password. Your online bank may have great security, but a social media site may not. And if someone hacks your social profile, you don’t want them to be able to log into your bank account.

You also want to be wary of using variations of the same password. Simply adding a capital letter here or an exclamation mark there can help some, but you’re much better off with a completely unique password. If you can’t remember where you’ve used a given password, LastPass provides you with the option to run a security challenge. That will tell you if the password is a duplicate and give you the opportunity to change it and immediately store the new one.

Change at Least Once Per Year

Once you’ve done everything listed above, you might think you’re completely secure and set for life. Unfortunately, that’s not the case. Even with long, complex, unique passwords that are stored in a vault and never shared, you should still change your passwords at least once per year. The great news is that LastPass provides you an easy list of all the passwords you need to change; you can launch sites and apps directly from your vault and then immediately save the changed version. It may seem like a lot of effort, but it’s not nearly as much effort as what you’ll do if your bank account gets drained or your identity gets stolen. So set a reminder for each year, and just take a little time to update your passwords. You’ll be glad you did.
