What is a password? Why do I need a password?
Basically, a password is a secret string of letters, numbers, and/or special characters used to uniquely identify users and determine the specific resources a user is authorized to access. Most WVU applications and systems require that you enter a user ID and password combination to obtain access to information resources. If someone steals or uses your user ID and password, that person could pretend to be you while committing unauthorized or illegal activities related to the specific resource. Someone could also steal your password and then change it, making your computer accounts unusable to you. To protect University resources from compromise and to protect yourself from unnecessary investigation and frustration, protect your password.
Creating Strong, Secure Passwords I
Creating a strong password that is challenging to guess, derive or “crack,” makes it difficult for a malicious program or another person to take control of your computer. Follow these guidelines to create strong, secure passwords:
- The more meaningless a password is, the more secure it becomes. A meaningless word or phrase is the most difficult to guess. Chances are, if it makes no sense to you, the author, it will most likely not make sense to anyone trying to guess it.
- Construct a password that is at least six to eight nonblank characters in length. The longer a word or phrase is, the more characters or combinations of characters there are to be guessed. Passwords are like Spring Break, the longer the better!!!
- Begin your password with a letter.
- Choose a combination of letters (a mixture of upper and lower cases), numerals (e.g., 5, 20, 7), and special characters (e.g., !, ?, #, %). Most passwords are case sensitive, which means a capital “A” is not considered the same as “a”; instead of having to guess using only a combination of twenty-six alphabetic characters, a potential hacker has to guess using a combination of fifty-two characters (twenty-six capital letters and twenty-six lower case letters). Including numbers and special characters also increases the number of combinations and the time it will take to guess the password.
- Avoid including the WVUID, first and last name, phone number, social security number, PIN, birth date, car tag, pet name or other information that could be learned or easily guessed by others. It would be much easier for anyone to guess your password if it is something associated with you.
- Do not use words found in a dictionary or the name of any real or fictional popular place / character or television show. There are programs that can go through every word in the dictionary to detect a password.
- Do not use simple patterns of letters or numbers, such as the keyboard patterns of “12345” or “qwerty”.
- Do not use your account user-id as your password.
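The guidelines above can be expressed as an automated check, together with the character-pool arithmetic behind the upper/lower case guideline. This is an added example, not WVU code; the sample word list, pattern list, 8-character minimum, substring matching, and function names are assumptions chosen for illustration.

```python
import math
import string

# Constructed sample lists; a real check would load a full dictionary.
SAMPLE_DICTIONARY = {"password", "dragon", "mountaineer", "football", "welcome"}
KEYBOARD_PATTERNS = ("12345", "qwerty", "asdf", "abcde")
MIN_LENGTH = 8  # upper end of the page's "six to eight" guidance (assumed choice)
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)


def alphabet_size(password):
    """Size of the character pool a guesser must cover for this password."""
    # 26 lower + 26 upper + 10 digits + 32 ASCII special characters = 94
    return sum(len(cls) for cls in CLASSES if any(c in cls for c in password))


def search_space_bits(password):
    """log2 of the count of same-length strings over that pool (upper bound)."""
    size = alphabet_size(password)
    return len(password) * math.log2(size) if size else 0.0


def check_password(password, user_id="", personal_info=()):
    """Return the list of guideline violations; an empty list means none found."""
    problems = []
    lowered = password.lower()
    if len(password) < MIN_LENGTH or " " in password:
        problems.append("too short or contains blanks")
    if not password[:1].isalpha():
        problems.append("does not begin with a letter")
    if not all(any(c in cls for c in password) for cls in CLASSES):
        problems.append("missing upper, lower, numeral or special character")
    if user_id and user_id.lower() in lowered:
        problems.append("contains the user ID")
    if any(item and item.lower() in lowered for item in personal_info):
        problems.append("contains personal information")
    if any(word in lowered for word in SAMPLE_DICTIONARY):
        problems.append("contains a dictionary word")
    if any(pattern in lowered for pattern in KEYBOARD_PATTERNS):
        problems.append("contains a simple pattern")
    return problems
```

Passing these checks only shows that a password avoids the listed weaknesses; the bit estimate is an upper bound that holds only when the characters are chosen unpredictably.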
Creating Strong, Secure, but Easy to Remember Passwords II
The following steps can help you create a strong, secure, difficult to guess but easy to remember password.
Make up a sentence or phrase that is meaningful to you, then use the first letter of each word as a letter in your password; if you wish, add additional characters to make it more difficult to guess.
- Start with a phrase such as “All third-parties must sign one Confidentiality Agreements”.
- Take the first letter of each word as your password: A3pms1CA (This is an acceptable password; it follows the rules but is hard for someone to guess since it’s essentially a random string of characters.)
- To make the password even harder to guess, add punctuation, numbers, and other non-alphanumeric symbols: A3-ps1CA
- Also, try using number-for-letter replacements, such as:
  - 5 for S
  - 3 for B or E
  - 6 for b or G
Example: “Let’s go get some lemon jello” becomes L’s665lj
Protecting Your Passwords
Now that you have created a strong password, keep it secure by following these practices:
- Changing the default passwords immediately after logging into a new application or system
- Following the system / application recommendations for password change schedules. Most WVU systems require password changes every 30 – 90 days.
- If you suspect that your password has been compromised, change it immediately.
- When changing passwords, create new, unique passwords. Do not reuse or recycle previously used passwords.
- Memorizing your passwords or storing them in a very secure location (see note below).
- Protecting your password and protecting yourself: don’t share passwords. Passwords are like your toothbrush or underwear, never share them!!!
- Never reveal your password in response to a telephone or email request.
- Reporting suspicious requests for your password to the OIT Help Desk (293-4444 ext. 1).
Note: Many of us access multiple information resources, making it difficult to memorize the numerous passwords associated with those resources. If you absolutely have to capture your passwords, store them in a manner that requires someone to break into the storage site. Consider using an electronic password vault that encrypts passwords and requires another authentication method (biometric, token, additional PIN) for access. At the very least, store those passwords in a locked drawer or file cabinet.