Use sound password practices to protect your data

Your passwords are your first line of defense against cyber attacks. It is not only vital to have strong, unique passwords for every account you access, but to regularly maintain and manage them. You should also employ additional security features that keep cyber criminals at bay.

Some important password practices to help protect the security of the data you access, whether at home or here at NC State, are:

  • One Password = One Account. Ensure you use a unique password for each account. This measure is crucial, as you don’t want hackers to have access to every account, if they manage to hack just one.
  • Password Strength = Length and Complexity. Password cracking software can guess hundreds of thousands of combinations per second. However, the longer your passwords are, as well as the more complex (with upper and lowercase letters, numbers and symbols), the more difficult it will be for hackers to guess the right one.
  • Passphrases = Easy to Remember, Difficult to Guess. Using phrases instead of passwords allows you to create longer, stronger passphrases that will be easier for you to recall and harder for the criminals to guess. However, ensure that you don’t use common phrases, quotations or words and numbers that are specific to you (e.g., a pet’s name, favorite team, birthdate, phone number). Hackers have access to scripts, books, song lyrics, and social media, just like you! To add randomness to the length and complexity of your passphrase, string together unrelated words into a memorable phrase. For instance: Maldives onion mountain velvet can make a 30-character password, such as: MALDIVES@Onion!Mounta7n$Velvet. Please do not use this one; make up your own.
  • Can’t Remember Passwords = Password Manager. If passwords and passphrases become difficult to remember and manage, one solution is to employ a reputable password manager. Password management software can be used to store account passwords you create or can even be used to generate complex passwords for automatic login to your accounts. OIT does not currently support a password manager; however, LastPass and KeePass are popular choices.
  • 2-Factor Authentication = Best Second Line of Defense. Should your password or passphrase be cracked in a hacking attempt, the best second line of defense is having 2-factor authentication in place. These methods require you to use additional verification in order to access your account, such as entering a code sent to your smartphone or secondary email address. NC State encourages campus to use Google 2-Step and Duo to help prevent breaches of University and personal data. All University users who have an employee role will be required to sign up for both 2FA services by Oct. 31, so you are encouraged to do so now.
  • Sharing DOES NOT = Caring. Your passwords are your own and should never be shared with friends, family, faculty, staff, supervisors, or coworkers. No University employee should ever ask for your password, even if the employee assists you with a technical issue.

For additional details on creating strong passwords that comply with University requirements, see the NC State Password Standard.