
Attackers can use multiple methods, most often automated, to crack your password. These methods include brute force attempts, dictionary attacks, and social engineering (e.g., via phishing). A strong password can help deter the first two attack methods, so you should keep the following in mind when selecting a password:

  • Make passwords at least eight characters long (twelve or more is preferred)

  • Don't use a username, a real name, or a company name

  • Don't use a single dictionary word (even slang and foreign languages); a multi-word phrase is much better

  • Don't use phone numbers, Social Security numbers, license plates, or birthdates

  • It should be significantly different from previous passwords

  • It should contain characters from each of the following groups:

    • Uppercase and lowercase letters

    • Numbers

    • Symbols (!, @, #, $, %, etc.)

  • Don't use the same password for multiple accounts (e.g., Swarthmore, Amazon, Gmail, etc.)

With today's password cracking capabilities, using any single word as part of a password, even with numbers substituted for letters, is NOT sufficient.
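The checklist above can be expressed as a check that also catches the substitution case just described. This is an added example, not part of the original page; the function names and the `WORDS` set (a constructed stand-in for a real dictionary wordlist) are assumptions, and requiring both uppercase and lowercase letters is one reading of the first character group.

```python
import re

# The page's own list of the ten most common passwords.
COMMON = {"123456", "password", "12345678", "lifehack", "qwerty",
          "abc123", "1111111", "monkey", "consumer", "12345"}
# Constructed stand-in for a real dictionary wordlist.
WORDS = {"password", "monkey", "welcome", "sunshine", "dragon"}
# Digit/symbol-for-letter swaps that guessing tools undo automatically.
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a",
                      "5": "s", "7": "t", "@": "a", "$": "s", "!": "i"})
GROUPS = {"lowercase": r"[a-z]", "uppercase": r"[A-Z]",
          "number": r"[0-9]", "symbol": r"[^A-Za-z0-9]"}


def normalized_forms(password):
    """Undo substitutions, also trying each cut of trailing digits/symbols."""
    pw, forms = password.lower(), set()
    end = len(pw)
    while end > 0:
        forms.add(pw[:end].translate(LEET))
        if pw[end - 1].isalpha():
            break  # reached the last letter; nothing more to trim
        end -= 1
    return forms


def check_password(password, username=""):
    """Return the list of checklist items the password fails."""
    problems = []
    if len(password) < 8:
        problems.append("shorter than eight characters")
    if username and username.lower() in password.lower():
        problems.append("contains the username")
    if password.lower() in COMMON:
        problems.append("on the most-common list")
    if normalized_forms(password) & WORDS:
        problems.append("single dictionary word behind substitutions")
    missing = [g for g, rx in GROUPS.items() if not re.search(rx, password)]
    if missing:
        problems.append("missing groups: " + ", ".join(missing))
    return problems


if __name__ == "__main__":
    for candidate in ("P@ssw0rd1!", "43FruitTree!", "monkey"):
        print(candidate, "->", check_password(candidate) or "passes")
```

`P@ssw0rd1!` satisfies the length and character-group rules yet is still flagged, because undoing the substitutions and trimming the trailing characters leaves a single dictionary word.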

As noted in the list above, the length of your password is important. According to experts, just a few characters in length can make a huge impact on how safe your password is from brute force password cracking. Even with a mix of upper case, lower case, numbers, and symbols, the time it could take to crack an 8-character password is approximately 7 years. If you make it 12 characters (the National Cybersecurity Alliance recommendation), it is approximately 164 million years. With 15 characters in your password, it could take approximately 56 trillion years.

You should never share your passwords, including with supervisors or co-workers. Don't write a password down and then leave it on your display, under your keyboard, etc. In your browser (e.g., Chrome, Firefox, Safari, Edge, etc.), you should always disable the Save Password option.

You can change your password any time.

Below are some ideas for generating strong yet memorable passwords (from: 'Perfect Passwords: Selection, Protection, Authentication' by Mark Burnett):

  • Use three words (or more) together but not as a phrase.

    • Could be 3 synonyms, homonyms, antonyms, rhymes, etc.

    • Examples: WonSunTon, Pleasekeysfleas, Basesbasisbasses

  • Use a made-up email address (not your own!).

    • Pick a name then a related phrase for the address.

    • Examples: Mickey@mouseworld.net, vacation@aruba.com

  • Model your password after a real or made-up URL.

    • Examples: www.whatsmypassword.com, www.nonewsisgood.org, ftp.drydesert.edu

  • Use word and number combinations that rhyme.

    • Pick two or more numbers and then a phrase that rhymes.

    • Hint: get some ideas from www.rhymezone.com

    • Examples: 43FruitTree!, 488studentsintheDebate?

  • Use a common phrase stated in an uncommon way or as a question.

    • Examples: Temperaturesensitivedevice (e.g., a thermometer), whatISamovieonadisk? (e.g., DVD)

  • Think of a personal secret (perhaps embarrassing?) that only you know.

    • Examples: asleep@Meeting!

  • Invent an imaginary phone number.

    • Consider including spaces, dashes, and parentheses.

    • Hint: don't use 867-5309 from the 1980s song...

    • Examples: (800) Sec-urme, 1-888-keepout

  • Take two or more words and swap the first letters.

    • Capitalize one or both of the first letters

    • Examples: Eink plephant, hexas Told-em!

  • Use a password generator

  • Use a password manager

    • There are a number of reputable on-line and off-line password managers available. Some are free and others charge for their services.

    • If you are an employee of Swarthmore College, you can use the online password manager Keeper for free. To get started, follow our posted instructions.

    • Family members of Swarthmore employees can set up Keeper accounts too! Take a look at our instructions.

A good password choice is one that is very hard to guess but also easy to remember.

Finally, below are the ten most common (and horribly weak) passwords discovered from website hacks (courtesy of the Wall Street Journal):

  • 123456

  • password

  • 12345678

  • lifehack

  • qwerty

  • abc123

  • 1111111

  • monkey

  • consumer

  • 12345