In an age where cyber attacks and identity theft have become commonplace, a first-line defense against hacking is strong passwords. But just what makes a password strong? And is it enough to follow a few passwords rules, or is there more you can do to ensure your passwords keep your data out of the hands of hackers?
Consider passphrases. A passphrase is an expression or group of words that, when used as a passcode, is easy for you to remember but hard for hackers to guess. Passphrases are also generally longer than most passwords, making them more difficult to decode.
Remain strong. To help keep your passwords and passphrases unbroken, make them eight or more characters long with at least one number, one uppercase letter, and one lowercase letter. Don’t use more than five numbers in a row, such as a zip code or phone number that could be guessed. Also, use character substitution to keep them unique; for instance I like city lights is much harder to hack when written as !L1keC1tyL1g#t$. See the university Password Standard for additional information on choosing strong passwords.
Keep updated. Be sure to regularly change your passwords with brand new words or phrases, following the guidelines above. Updating your passwords every 90 days is a great start, but changing them even more regularly, such as monthly, is ideal. Also, make certain you use different passwords for different accounts and devices to reduce vulnerability to hacking.
Get organized. To keep a handle on all your strong, unique and frequently updated passwords and phrases, use a reputable password manager service. Reference the SANS Ouch! Password Managers article for great tips on employing password managers.
Stay 2-Steps ahead. By setting up two methods of login verification, your account can only be accessed if both your password and another code are entered. The second code (either predefined or sent to you upon account log in) keeps you a step ahead of hackers by blocking them from your account, even if they have your password. To enable 2-Step on your Google Apps @ NC State account, see Google 2-Step Verification. To view a list of other applications that support 2-Step Verification, see also Two Factor Auth (2FA).