Experts: A good password requires more than your mom’s maiden name

Password security is rapidly becoming a concern not only for students but for anyone with a password protected account. \nChoosing a good password is a decision that should not be taken lightly, said David Ripley, a researcher at the Pervasive Technology Labs’ Advanced Network Management Lab at IU, in a tip sheet for IU faculty research titled “Living Well Through Healthy Lifestyles.” \nStudents may think a computer cracker or identity thief would never be able to guess their dogs’ names, however, they do not need to guess thanks to computers that can do the guessing for them, according to the tip sheet.\n“Most crackers use automated cracking engines designed to either find directory-based words in the password, or ones that simply try every possible combination, which is the most common,” said Scott Wilson from the University Information and Policy and Security Office in an e-mail. \nCybercrooks try millions of different words, either long or short or foreign, to crack into systems, Ripley said in the tip-sheet. \nHe added that cyber hackers can try every word in every dictionary, in every language imaginable, even common pet names. In the monthly tip sheet, Ripley said the best passwords are when people use a random string of numbers and letters, but the only problem is that these types of passwords can be difficult to remember. \n“I pick things that aren’t related to me, so that people who know me can’t guess,” senior Annie Oler said. \nOler also said she steers clear of obvious things that people typically use. She said she likes to spell common words or names backwards and then finish the password with a number. \nIn an e-mail, Wilson said that the University’s Information Security Office and University Information Technology Services have implemented the use of passphrases at IU to protect users. He explained that the concept is to trade shorter passwords that are hard to remember for longer ones that are easy to remember and type.\nBoth Wilson and Ripley recommended that students not write their passwords down and leave them where anyone can find them. Both agree that it is OK to write them down, but only if you have a secure place in which to store them, such as a safety deposit box. \nSenior Kathleen Huff said she uses capital letters, numbers and spaces to make it more difficult for people to figure out. \n“The words I use are fairly common and easy,” Huff said. \nIU currently requires all new accounts and password changes use passphrases, which are a minimum length of 15 characters, and allow almost any combination of lowercase and uppercase letters, numbers, symbols and spaces, Wilson said in an e-mail. \n“The goal of the passphrases is that by adding a few more characters and giving users the ability to choose natural language words, the length offers enough security that it would take automated cracking engines longer than most of our lifetimes to crack,” Wilson said in an e-mail. \nIn an e-mail, Wilson explained that choosing a strong password is only one facet of online safety and security. People learn to take a more proactive approach to protecting their identity and information by changing their passwords often, and by choosing different passwords for different sites.\nOler said that to ensure her information is secure, she changes her passwords about every two months and she never checks her online banking from a school computer.