

CSI: UW Episode 2

Lock & Key

 

Could someone really hurt you if they had your password? Your password is like a key to a lock. With your password, threatening email could be sent from your account. Items could be purchased on web sites where you have enabled one-click shopping. Your bank and other sensitive account information could be accessed and used without your knowledge. Your credit rating could be affected. Your identity could be stolen. People could get access to University systems that contain sensitive employee, student, and financial information.

Security is your responsibility. Help keep your information and University of Wyoming data safe by using a secure password. Below are some tips on keeping crackers at bay.

Secure Passwords

It is important to use a strong password for your accounts. The easiest way for someone to gain access to your accounts is to figure out your password. It is easier to crack a password than you might think! For example, if you only use 6 characters in your password, and they are all lowercase (abc), a password cracking program can crack your password in under 5 seconds! The chart below gives the approximate times to crack sample passwords of different lengths and character sets on a 500 MHz Pentium III computer:

Password   | Time To Crack
Sublimate  | 2 seconds
checkmate1 | 3 seconds
CheCkmate  | less than 1 second
ChEck12    | 26 seconds
CheCk123   | 14 minutes, 22 seconds
3x0n3rat3  | 4 hours, 16 minutes, 45 seconds
5ygn6thb   | could not be cracked using the dictionary hybrid methods – requires brute force

UW helps protect against these types of password cracking tools by locking out accounts after three incorrect attempts.

Here are some tips for creating a secure password.

DOs:

  • Do make your password easy to remember. You should be able to type it quickly without having to look at the keyboard.
  • Do use at least 8 characters when creating a password. Make your password a mix of uppercase and lowercase letters, numbers, and special characters (if permitted).
  • Do change your passwords routinely – at least every 60 days.
  • Do embed extra characters/misspell. For example, if you wanted to use “SunShIne”, try “SunSShIne” or “Sun$$hIn3”.
  • Do use unusual capitalization. For example, instead of “Buckaroo”, use “BuckArOo”.
  • Do concatenate two or more words or parts of words when creating your password.

DON’Ts:

  • Don’t use simple keyboard patterns like A1B2C3D4, or p0o9i8u7. These are very easy to crack.
  • Don’t use your username, or simple permutations of your username. For example, if your username is Bigfoot, your password should not be Bigfoot, BigFoot, footbig, etc.
  • Don’t use any personal data (any data someone might associate with you). This includes names, nicknames, pets, social security numbers or phone numbers, birthdates, or license plate numbers.
  • Don’t use words that can be found in the English dictionary. A modified phrase works the best. For example, instead of “Sunshine”, use “L3tTh3$$hIne”. Instead of “Christmas”, use “Xms25thovDec”.
  • Don’t use words in a foreign language, especially if the language used can be guessed (for example, it is your native tongue).
  • Don’t use university, college, or state team names. These can be very easy to crack.
  • Don’t use names of famous people, places, things, TV shows, etc., that can be associated with you. For example, if you like the show Law and Order, you shouldn’t use LawOrder as a password.
  • Don’t use the word “password”, “secret”, “god” or “root”.
  • Don’t give your password to anyone else. Ever. Not even to your co-workers or managers.
  • Don’t record your passwords anywhere they could be vulnerable. If you must write them down, keep them in a safe place that no one has access to. Never post them on your monitor or under your keyboard.
  • Don’t use the same password for all of your accounts. If your password is cracked, the hacker will have access to everything.
  • Don’t use the same password, or the same 2 or 3 passwords, over and over when you have to change them.
  • Don't use any of the examples above as your password!
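Several of the rules above can be checked automatically when a password is chosen. The following is an added example, not UW's code: it flags dictionary-hybrid passwords (a word with changed case, appended digits, or letter substitutions), keyboard patterns, and username permutations. The word list, substitution map, and three-of-four character-class threshold are assumptions made for illustration.

```python
import re

# Constructed sample word list; a real check would load a full dictionary.
WORDS = {"sunshine", "checkmate", "check", "sublimate", "exonerate",
         "buckaroo", "christmas", "password", "secret", "god", "root"}
# Assumed set of common character-for-letter substitutions.
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s",
                      "7": "t", "$": "s", "@": "a"})
RUNS = ["abcdefghijklmnopqrstuvwxyz", "qwertyuiop", "asdfghjkl",
        "zxcvbnm", "1234567890"]
RUNS += [r[::-1] for r in RUNS]  # reversed runs, e.g. "poiu", "0987"

def _trim(s):
    """Drop leading/trailing non-letters (appended digits or symbols)."""
    return re.sub(r"^[^a-z]+|[^a-z]+$", "", s)

def is_dictionary_hybrid(pw):
    """True if undoing case, affixes and substitutions yields a listed word."""
    low = pw.lower()
    candidates = {_trim(low).translate(LEET), _trim(low.translate(LEET))}
    return bool(candidates & WORDS)

def is_keyboard_pattern(pw):
    """True if the letters and the digits each follow a keyboard/alphabet run."""
    low = pw.lower()
    parts = ["".join(c for c in low if c.isalpha()),
             "".join(c for c in low if c.isdigit())]
    parts = [p for p in parts if p]
    return bool(parts) and all(
        len(p) >= 3 and any(p in r for r in RUNS) for p in parts)

def is_username_variant(pw, username):
    """True if pw contains the username or is a rotation of it (footbig)."""
    p, u = pw.lower(), username.lower()
    return bool(u) and (u in p or (len(p) == len(u) and p in u + u))

def check_password(pw, username):
    """Return a list of problems; an empty list means no rule was tripped."""
    problems = []
    if len(pw) < 8:
        problems.append("shorter than 8 characters")
    classes = [any(c.islower() for c in pw), any(c.isupper() for c in pw),
               any(c.isdigit() for c in pw), any(not c.isalnum() for c in pw)]
    if sum(classes) < 3:
        problems.append("fewer than 3 character classes")
    if is_dictionary_hybrid(pw):
        problems.append("dictionary word with simple changes")
    if is_keyboard_pattern(pw):
        problems.append("keyboard or alphabet pattern")
    if is_username_variant(pw, username):
        problems.append("based on username")
    return problems
```

Passing this check does not make a password strong; it only shows that none of the listed shortcuts were taken.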

Current updates, free software, and information on UW's Computer Security Initiative may be found on the CSI: UW computer security pages (www.uwyo.edu/security). You can also contact the IT Help Desk at (307) 766-4357, option 1; or send an email to userhelp@uwyo.edu.




Contents © 1998-2008 by the University of Wyoming Division of Information Technology • All rights reserved.


https://uwadmnweb.uwyo.edu/infotech/security/episode2.htm