Digital Security: Passwords
You can keep your information and yourself safe with two things: good passwords and common sense. Passwords will keep private information private – while common sense should keep you from making private information public.
This installment of the Digital Security series on TechNotes explains some “best practices” for choosing passwords.
What makes a good password?
- Make it lengthy (at least 8 characters; 14 characters or longer is ideal)
- Combine letters, numbers, and symbols
- Use words and phrases that are easy to remember, but difficult to crack. It is better to create a complicated password that you keep written down in a safe place than to use an easily-compromised password that is also very easy to remember.
Create a strong, memorable password in 6 steps (by Microsoft)
It is important that you avoid two things: using the same password for all of your accounts, and storing your passwords online or on an unsecured computer. This will protect you from a security disaster if one of your accounts is accessed fraudulently. However, it may be unrealistic to try to remember a unique, strong password for every account you hold. It is reasonable, though, to create a strong password for each “domain” that you deal with. A domain can be thought of as an area that has security requirements separate from other things you do. For example, it is reasonable to use the same password for all accounts related to Smith, but to use unique passwords for each of your financial accounts.
Also remember that each account or system will impose its own restrictions. For example, your GroupWise/Novell account password cannot be longer than 8 characters, while a Windows login password can be up to 14 characters in length.
More recommendations:
- Use Microsoft’s Password checker to check your current passwords’ strength.
- Change your GroupWise/Novell/Moodle password using the desktop client or this password change utility
- Never provide your password over email or based on an email request. Any email that asks for your password or requests that you go to a website to verify your password is most likely fraudulent. See “Simple steps to avoid being phished” (Sophos).
- What to do if you think you are a victim of fraud (Microsoft)
This is the first in a series of posts on Digital Security from TechNotes. Stay tuned for the next installment, “Your Online Identity,” and feel free to make comments below or email technotes at smith.edu with questions.

