Passwords
One of the most common ways hackers gain access to personal information is by cracking passwords. New tools allow attackers to test substantial amounts of password “guesses” on thousands of computers, and it only takes one correct attempt to cause irreparable damage.
Your online accounts – including your GatorLink – hold a plethora of personal information that could allow hackers access to your files, money, or identity, as well as those of your school or employer! Even seemingly inconsequential information can be dangerous in the wrong hands; social engineers can weaponize small details about an individual by using that information for impersonation, thereby gaining access to much more sensitive information.
The first step in protecting yourself from these attacks is following sound password practices. Read on to learn more about the best ways to set and enhance your passwords.
Need to update your GatorLink password? Visit the GatorLink Account Management Portal.
Setting Strong Passwords
There are two main categories of passwords to consider: traditional and passphrases. Both can sufficiently protect your accounts when configured correctly.
Traditional Passwords
The table below shows the estimated time it would take an attacker to guess your password, based upon it’s length and composition. As shown, longer and more complex passwords are strongest.
| Number of Characters | Numbers Only | Lowercase Letters | Upper and Lowercase Letters | Numbers, Upper and Lowercase Letters | Numbers, Upper and Lowercase Letters, Symbols |
|---|---|---|---|---|---|
| 4 | Instantly | Instantly | Instantly | Instantly | Instantly |
| 5 | Instantly | Instantly | Instantly | Instantly | Instantly |
| 6 | Instantly | Instantly | Instantly | 1 sec | 5 sec |
| 7 | Instantly | Instantly | 25 sec | 1 min | 6 min |
| 8 | Instantly | 5 sec | 22 min | 1 hour | 8 hours |
| 9 | Instantly | 2 min | 19 hours | 3 days | 3 weeks |
| 10 | Instantly | 58 min | 1 month | 7 months | 5 years |
| 11 | 2 sec | 1 day | 5 years | 41 years | 400 years |
| 12 | 25 sec | 2 weeks | 300 years | 2k years | 34k years |
| 13 | 4 min | 1 year | 16k years | 100k years | 2m years |
| 14 | 41 min | 51 years | 800m years | 9m years | 200m years |
| 15 | 6 hours | 1k years | 43m years | 600m years | 15bn years |
| 16 | 2 days | 34k years | 2bn years | 37bn years | 1tn years |
| 17 | 4 weeks | 800k years | 100bn years | 2tn years | 93tn years |
| 18 | 9 months | 23m years | 61tn years | 100tn years | 7qd years |
- All passwords must contain at least 8 characters, though using 14 or more will make your password hack-resistant
- Do not contain words found in a dictionary, or the name of any character, person, product, organization, or media
- Combine uppercase letters, lowercase letters, numbers, and symbols
- Avoid common substitutions of letters (such as 0 for o, or $ for S), as password crackers know and frequently guess such replacements
- Make them significantly different than your other passwords
- Mix up the order; do not put all the symbols and numbers at the end of the password
- Do not contain anything easily associated with you including:
- Name
- Birthday
- Address
- Username/ID number
- Phone number
- Names and birthdays of relatives and friends
- Names of your pets
- Any other information that could be easily found about you, such as what you have posted on your social media accounts
A good idea for creating strong passwords is to combine a letter (or a few letters) from each word of a memorable phrase. For instance:
- Phrase: His father drove a green 1975 Ford Maverick
Password: HFDaG1975Fd-Mvk
- Phrase: Jack and Jill have two orange tabby cats named Whiskers and Tuna.
Password: J&Jh2OTcnWs&Ta
Passphrases
Pick four random words,
That's a strong password.
GatorLink accounts can use such passphrases, but not all external websites support them just yet. Additionally, note that the sample above is not completely random and should not be used as a password.
- Make them difficult to guess, even by someone you know
- Choose at least 4 words for your passphrase
- To make your passphrase extremely secure, use at least 6 words
- Do not worry about the character count of your passphrase, what matters is word count & randomness
- Make sure the words you choose are sufficiently random and unrelated to each other
- “TheDogGoesWoof” is a weak passphrase
- “SparkleShimmerShineDiamond” is also a weak passphrase
- Make them easy for you to remember
- Include uncommon words in your passphrase
- For added security, insert a character or number between two of the words
- Consider using the Diceware word list (see the Using Diceware section) to create truly random combinations of words
Storing Passwords
Write it Down!
Writing your passwords onto a piece of paper can be a good idea. Just ensure you leave it at home where it is discretely hidden. Protect it as you would a credit card.
Password Managers
An alternative way to store your passwords is through a Password Manager (PM). PMs are applications that allow you to safely store your passwords and encrypt them, making them difficult for attackers to access. Google and Apple provide built-in PMs that are both secure and easy to use.
What Not to Do:
Should you choose to store your passwords digitally, it is important to use a dedicated solution, such as a PM. Storing account logins in a note or text file on one of your personal devices is not recommended, as it may not be secure.
It is important to note that UF policy forbids any digital storage of passwords used for UF business, including GatorLink passwords.