User Passwords

Account passwords ensure only authorized users are capable of accessing an account. Users should make use of strong passwords to make sure their accounts are protected from unauthorized access. An account is considered “compromised” if an unauthorized user gains access to the account. This could be especially problematic if the compromised account had access to sensitive information. Weak account passwords can make it easy for a potential attacker to compromise an account.
An example of a weak password being used against a user could involve brute force attempts. In brute force attempts, the attacker tries to access an account using various password combinations as quickly as possible. Short passwords and passwords that contain dictionary words are susceptible to brute force attacks. An example of a weak password would be “OSUcowboys123”. While this does contain upper and lower case letters, and numbers, it is mainly comprised of the dictionary word “cowboys”. Attackers familiar with their potential victims can also tailor brute force attempts to include certain terms such as OSU, Cowboys, and Pokes.
What can I do to protect myself?
OSU IT Security recommends users have at least 15 characters per password. These passwords should contain upper and lower case letters, numbers, and special characters (e.g. !@#$). Passwords should also not contain any dictionary words.
In order to help with the creation and memorization of strong passwords, the OSU IT Information Security Office recommends the use of password phrases. Password phrases involve associating a certain phrase with an account. The first letter of the words included in the phrase can be used to create a password. An example of a password phrase follows:

  • Phrase: “My dog is a three year old bulldog named Mike. He lives at 555 Anonymous Street.”
  • First Letters: “My dog is a three year old bulldog named Mike. He lives at 555 Anonymous Street.”
  • Password: “MdiatyobnM.Hla5AS.”

Between the upper and lower case letters, the number, and the special characters, this password contains 18 characters, and no dictionary words.
Users should not attach copies of their passwords to computer monitors. These passwords can be inadvertently seen by potential attackers. Even if the attacker does not come in the proximity of the monitor, the password could be visible through some other medium; such as a tagged photograph on Facebook. Users having trouble remembering their passwords could benefit from the use of password management programs. These programs allow users to create an encrypted file containing their account passwords. This file will need a master password to open. Examples of free password management programs include Password Safe and KeePass. Users may also want to secure backup copies of the encrypted password files for disaster recovery purposes.