Information Security Training

Good Password Sense (Courtesy of ISO, University of Tennessee) To watch the video, click on the icon below that matches your media player. If you don't have a player, go to our download page. If you need a video with text captions, please visit our text-captioned page.

Good Password Sense

What makes a good password? A good password is one that is strong and secure. Strong passwords are ones that contain at least three or more of the following characteristics and are at least 8 characters long:

• Numbers (1, 2, 3, 4, 5, 6, 7, 8, 9, 0)
• Special character (/, [, -, =, +, !, #, $, *)
• Lowercase character (a, b, c, d, e, f, g, etc.)
• Uppercase character (A, B, C, D, E, F, G, etc.)

Another aspect of a strong password is that it is not shared with anyone. When you do, it puts all information it protects at risk of being compromised. Sharing passwords can allow unwanted break-ins from strangers and sometimes by someone you know. For example, a friend at work who decides to use your password to your e-mail account, pretending to be you and send an offending email to the president of a company.

Strong passwords are not posted, written down, or shared. Experienced hackers know where to look for exposed passwords that are posted on monitors, bottom of keyboards, or even in unlocked desk drawers. System administrator passwords to servers and critical applications should be locked in a safe and changed frequently.

The best passwords are pass phrases composed of a short simple phrase. Follow the methods below are useful in creating a new password:

• Choose a pass phrase that is very useful and easy to remember. Use mnemonics to associate a meaningful phrase with a password. For example, “I had a bad day in class today” becomes !H8bDnC2.
• Avoid directly converting letters to numbers or the other way around. Example, changing “e” to 3 or “o” to 0. Hackers can use password cracking tools can find these types of changes quickly. Utilize special characters instead that resemble  a letter such as changing “o” to () and “r” to |2.
• Avoid using any personal data or information in the password. Never use your username, friends, family, or pet's name in a password. Also avoid dates such as birthdays or anniversaries. Favorite sports or music can also be easily recognized and used by a hacker to gain entrance to your computer.

If you need to change your password, utilize the Office of Technology Services self help password reset on the OTS Web site.

• Instructions for Changing Password (PDF)

What more?

• Creating Strong Passwords
• Help Protect your Personal Information with Strong Passwords
• TU Online Password Reset Tool
• Instant Messaging Passwords

If you need further assistance, e-mail infosec@towson.edu for help.
 

Information Security Office
Office of Technology Services
Cook Library, 4
Hours: Monday - Friday, 8:30 a.m. to 4:00 p.m.
E-mail: infosec@towson.edu