Information Security

Passwords

One of the most common ways for hackers to gain access to personal information is by cracking passwords. With one keystroke they can attempt to hack into thousands of computers using hundreds of combinations of passwords. Out of the thousands of computers hit a handful of passwords will be cracked. This page will teach you how to choose a password that can help protect you from malicious attacks.

Making Strong Passwords

Phrases:

  • Combine a letter from each word in a phrase
  • Phrases could come from song lyrics, a favorite poem, a meaningful quote, or a totally random combination
  • Whenever possible, include special characters such as "&". Special characters make passwords stronger if combined with other characters.

Examples:

  • Quote: Jack and Jill own two cats named Whiskers and Tuna. Password: J&Jo2cnW&T
  • Quote: When the lights out it’s less dangerous, here we are now entertain us. Password: Wtl01ldhw4n3u

It’s good to have a few different passwords to use for different accounts.

Characteristics of a Strong Password

  • Be at least eight characters long
  • Passwords may not contain words found in a dictionary
  • Must NOT be anything easily associated with you (for instance, information someone could learn about you from Facebook) such as
    • your user id
    • your name
    • your phone number
    • your address
    • your pet’s name
    • your birthday
    • friends or family member names or birthdays
    • any other information that can be easily found about you
  • Must include three of the following four elements
    • upper case letters
    • lower case letters
    • digits
    • punctuation/special characters

Using the tips and characteristics above, try making a strong password. Once you’ve made one you’re comfortable with, memorize it, and store it securely if you need to.

Also, don’t forget to visit your GatorLink account to update your password.

Two Minute Video Explaining Strong Passwords

Gatorlink Accounts Can Now Use Pass Phrases!

Gatorlink Accounts can now use passphrases instead of passwords! The passphrase is much longer than normal passwords but allows you to use memorable phrases rather than short but complicated passwords. The selection of a passphrase of at least 18 characters eliminates the password composition rules and dictionary check, although passphrases are still subject to minimal tests to prevent the use of common or trivial phrases. Also, be aware that the UF system does not yet allow the space character in passphrases.

This XKCD comic illustrates how secure passphrases can be! For more information on passphrases visit Diceware. The two keys to a good passphrase are in the total length and the lack of relationship between the words. The software can very rapidly test the text from books (trying common phrases), so direct quotes are not good choices. It is also essential that the words chosen come from a suitably large set – most people commonly use only about 1,000 words, so picking words to use can lead to a much less random passphrase. The Diceware approach uses a large enough set of words to choose from that the results are complicated for another person or software to guess.

The Diceware website explains the mathematical basis for the strength of passphrases, and Ars Technica published an informative series on how passwords are broken.

Storing Your Password

Once you create a strong, hard-to-crack password, you may want to write it down. Just make sure it’s discretely hidden and protect it like a credit card, for example.

An alternative way to store your passwords is through a Password Manager (PM). PMs are applications that allow you to safely store your passwords and encrypt them, making them harder to access for attackers. They are a good alternative as you can store strong passwords without needing to remember them. Google provides a built-in PM that is easy to use and allows for safe storage of any website's or application's password.

Fun Password Tip: “Passwords are like underwear”

  • Passwords are like underwear. Change yours often.
  • Passwords are like underwear. Don’t share them with friends.
  • Passwords are like underwear. The longer, the better.
  • Passwords are like underwear. Be mysterious.
  • Passwords are like underwear. Don’t leave yours lying around.
  • Passwords are like underwear. Use different ones.

For a more technical description of passwords please review the Authentication Management Policy

University of Florida
Gainesville, FL 32611
UF Operator: (352) 392-3261
Website text-only version

Resources

Campus

Website

Back to top button