
Choosing a Strong Password

The importance of using a strong password can't be emphasised enough. Your password verifies your digital identity, like an online passport.

The top reason people gain unauthorised access to a password-protected system is that they guessed someone's password, often because they found it on a piece of paper next to the computer or because they saw the person type the password in, but also because they use software programs that are VERY good at guessing common passwords.

The following guidelines will guard against someone finding out your password and gaining unauthorised access to your account:

  1. Make your password into a passphrase. The longer a password is, the more difficult it will be to attack the password by guessing (or brute force). A passphrase is simply a phrase or sentence that you use, instead of a word or set of characters. Passwords/passphrases should be a minimum of 8 characters long but if you want to really impress, they should be 11 or more.
  2. Use unique passwords. Make sure you use a unique password for every online service you use.
  3. Avoid publicly available information. We share a lot on social media, so do not use personal information in your password that someone else is likely to be able to figure out. Obviously, things like your name, phone number, date of birth and address are to be avoided.
  4. Avoid common words. Don't ever be tempted to use one of those common passwords that are easy to remember but offer zero security (e.g. "password", "letmein") or key sequences that can easily be repeated (e.g. "qwerty123", "asdf1234").
  5. Change it periodically. It is a good habit to change or rotate your passwords on a regular basis, every 6-12 months.

What is a passphrase?

ICT advise that you use a passphrase rather than a password for your JCU accounts. A passphrase is simply a phrase or sentence that you use, instead of a word or set of characters.

If there is no limit on password length, use a passphrase, e.g. "Europe is beautiful this time of year." However, if you have to pick a smaller password, just use the first letter of each word and swap some of the letters for numbers: "E1bTtof7".

JCU has NO maximum limit on passwords but for non-JCU accounts, it is important to confirm the maximum number of characters allowed. If the system only allows an 8-character maximum, and your passphrase is "everyone loves chocolate cake for their birthday", your password will actually just be "everyone", and that's a dictionary word!
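The guidelines and the truncation problem described above can be checked mechanically. The following is an added example, not JCU's own tooling: the function name, the tiny word lists and the assumption that a capped system silently keeps only the first characters are all constructed for illustration.

```python
# Added example: checks a candidate password against the guidelines on this page.
# The word lists below are small constructed samples, not real cracking dictionaries.
COMMON_PASSWORDS = {"password", "letmein", "qwerty123", "asdf1234", "password123"}
DICTIONARY_WORDS = {"everyone", "chocolate", "birthday", "townsville", "password"}

MIN_LENGTH = 8          # minimum length given in the guidelines
PREFERRED_LENGTH = 11   # "11 or more" from the guidelines


def check_password(candidate, personal_info=(), max_length=None):
    """Return a list of findings; an empty list means no guideline was broken."""
    # Assumption: a system with a length cap silently keeps the first max_length characters.
    stored = candidate[:max_length] if max_length is not None else candidate
    lowered = stored.lower()
    findings = []

    if stored != candidate:
        findings.append(f"truncated to {len(stored)} characters: {stored!r}")
    if len(stored) < MIN_LENGTH:
        findings.append(f"shorter than {MIN_LENGTH} characters")
    elif len(stored) < PREFERRED_LENGTH:
        findings.append(f"shorter than the preferred {PREFERRED_LENGTH} characters")
    if lowered in COMMON_PASSWORDS:
        findings.append("common password")
    # Strip trailing digits so "Townsville123" is still caught as a dictionary word.
    if lowered.rstrip("0123456789") in DICTIONARY_WORDS:
        findings.append("dictionary word")
    for item in personal_info:
        if item and item.lower() in lowered:
            findings.append(f"contains personal information: {item!r}")
    return findings


if __name__ == "__main__":
    phrase = "everyone loves chocolate cake for their birthday"
    print(check_password(phrase))                # no cap: no findings
    print(check_password(phrase, max_length=8))  # capped: stored as "everyone"
```

Pass the account's real character limit as max_length to see what the system would actually keep before relying on a long passphrase.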

Summary

Do
  • Use a different password for each service (i.e. JCU, Gmail, Dropbox, iTunes etc.).
  • Use a passphrase where you can, because length is more secure than complexity.
  • Use more than 4 digits in a PIN or passcode.
  • Change your password periodically (annually would be a good start) or if you think it has been compromised.
Don't
  • Use simple or dictionary words (e.g. Password123, Townsville123).
  • Write your password on a post-it note and stick it to your monitor.
  • Use easily guessable words (e.g. phone numbers, Date of Birth).
  • Tell anyone your password – this includes ICT Staff!