Passwords Revisited

Passwords continue to be the most universal credential in our use of technology.  Sure, some phones can authenticate you via thumbprint or facial recognition, but most of the time, most of us sign on to most things with a password.  

 

For years, security standards bodies have recommended changing passwords often. However, over the last year or so, the industry has come to the consensus that frequent password changes are counter-productive: they simply encourage people to create easily guessable passwords and to write them down and store them in obvious places. Password length is the key to making passwords harder to guess and, ironically, easier to remember, because you can create passwords that sound more natural. So, as of August 1, FIT modified its password policy. We now require passwords of at least 12 characters, consisting of uppercase letters, lowercase letters, and numbers. However, you only have to change your password once a year instead of 3 times a year. Read more about this change on our website.

 

There are lots of ways to come up with 12-character alphanumeric passwords that are easy to remember: how about the address of an old friend, or perhaps movie or book titles with numbers in them (AroundTheWorldIn80Days or SlauGHterhouse5)? There are over 3.2 sextillion combinations in a 12-character password, so be creative and don’t write it down on a Post-it!



What can you do?

There is more that you can do to guard your passwords, because even the best password doesn’t protect you if you are the victim of a phishing scam.  

  • Visit http://www.HaveIBeenPwned.com to see if your email address or password has been included in any of the major data breaches that have occurred in the last several years.  Here’s a link to an article on the Cybersafe website on this topic.
  • Enable 2-factor authentication on your Google email and drive accounts.  It’s easy and non-intrusive, and is one of the best things you can do to protect yourself in case your password does get compromised.
  • Always be careful about phishing scams. Unfortunately, the recent horrible rash of mass shootings has spawned what has become the usual spate of phishing attacks looking to prey on people’s compassion to steal money or passwords, or to plant malware.

 

Stay aware and stay cybersafe! 

 

About Cybersafe

The Division of Information Technology is dedicated to informing the community of the latest cybersecurity threats. Visit fitnyc.edu/cybersafe and stay tuned for emails from [email protected] for the latest from the Cybersafe campaign at FIT.

 

Walter Kerner

Chief Information Security Officer

Division of Information Technology

Read past issues of the CISO Updates Newsletter here.