Password and Account Protection
Online access provides you with incredible opportunities: check a bank statement, pay a mortgage, make a credit card payment, check a credit score, and order just about anything and have it delivered to your house! But each of these tasks requires you to log in to a website or app, and keeping each account safe is of critical importance. A strong password for each account is fundamental.
What makes a “strong” password? It begins with the password length: the longer the password, the longer it takes for a hacker or a hacker’s computer to guess or crack it, and that time increases dramatically with each additional character or number. It is a balance, however, since a password that is too long may be difficult to remember (which defeats the purpose of a strong password). A good password length is 8-10 characters.
A common way to make strong passwords easy to remember is to use a passphrase. Using random words that don’t fit with each other helps increase the uniqueness of the password. A well-known XKCD comic helps demonstrate a strong password of this kind.
Of the many password practices, several are things we really shouldn’t do. If you make a strong password but use it on every website, a breach of security on any one of those websites could expose your password, and that weakens it everywhere else it is used. Every password should be unique to its account and should not be reused for another account. Another ill-conceived practice is using names of pets, people, or notable dates as a password. These are easy for a password cracker to guess. In addition to not using names or dates, do not use the same base password and just change a number or two at the end. This practice has the same problem as using the same password on each of these sites.
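The reuse and base-password patterns described above can be checked mechanically. The following is an added example, not part of the original article: a small Python audit over a constructed set of account passwords. The function names, the sample data, and the rule of stripping trailing digits and symbols to find a "base" are assumptions; the minimum length of 8 is the lower end of the article's 8-10 character guidance.

```python
import re
from collections import defaultdict

# Constructed sample data: account name -> password (not real credentials).
SAMPLE_VAULT = {
    "bank": "Sunflower2023",
    "email": "sunflower2024!",
    "shopping": "Sunflower2023",
    "credit-score": "correct horse battery staple",
    "mortgage": "Rex07",
}


def base_form(password):
    """Lowercase the password and strip trailing digits and symbols.

    'Sunflower2023' and 'sunflower2024!' both reduce to 'sunflower',
    which is how a cracker's mangling rules would relate them.
    """
    stripped = re.sub(r"[\d\W_]+$", "", password.lower())
    # An all-digit or all-symbol password has no base; keep it whole.
    return stripped or password.lower()


def audit(vault, min_length=8):
    """Return accounts with exact reuse, shared-base variants, or short passwords."""
    by_exact = defaultdict(list)
    by_base = defaultdict(list)
    for account, password in vault.items():
        by_exact[password].append(account)
        by_base[base_form(password)].append(account)

    # Identical password used on more than one account.
    reused = sorted(sorted(accts) for accts in by_exact.values() if len(accts) > 1)
    # Same base with different endings (at least two distinct passwords).
    variants = sorted(
        sorted(accts) for accts in by_base.values()
        if len({vault[a] for a in accts}) > 1
    )
    too_short = sorted(a for a, p in vault.items() if len(p) < min_length)
    return {"reused": reused, "variants": variants, "too_short": too_short}


if __name__ == "__main__":
    for finding, accounts in audit(SAMPLE_VAULT).items():
        print(finding, accounts)
```

The audit does not detect names or dates used as passwords; that would need a word list, which is outside this example.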
Finally, one other step you can take to secure your accounts is using multi-factor authentication (MFA). A common form of multi-factor authentication is two-factor authentication. Two-factor authentication increases security by requiring two authentication factors: the first factor is usually a knowledge factor (the password that you know) and the second factor is a possession factor – something physical that you have, such as an ID card, security token, or smartphone. In multi-factor authentication, a third common factor is the inherence factor (also known as the biometric factor). There are other authentication factors, such as location and time, but these are three of the most common. Having an account that requires two of these factors makes breaking into it that much harder for hackers, since they would need two things from you, not just your password.
Oklahoma State University also has a two-factor authentication option for logging into all the websites that use your OKEY login. For more information see https://it.sp.okstate.edu/itservices/4help/guide.aspx?guideName=STW-IT_Duo_Setup_And_Use. Start your setup for Multi-factor Authentication at https://apps.okstate.edu/duo_portal.