Campus Security Awareness Campaign 2016
This post is part of a larger campaign designed to support security professionals and IT communicators as they develop or enhance their security awareness plans. View the other monthly blog posts with ready-made content, as well as a printable calendar with the 12 topics. Learn more.
Passwords are an important part of our digital lives. There are many steps end users can take to protect their online accounts and mobile devices with strong passwords or passphrases. Here are some ideas to get you started.
Get the Word Out
Did you know that most passwords are easily broken? Have you found it hard to create a good, strong password that you can remember? Creating a strong, but easily remembered, password can be a challenge, but a few "secrets" can help you. Check out the dos and don'ts below.
Do you want to create a strong password? (Your answer should be YES.)
- Use at least 8 characters, preferably more
- Use a mix of upper and lower case letters, numbers, and symbols
- Create an easy-to-remember passphrase by choosing a phrase and adding numbers and symbols. Length is more important than complexity. For example:
  - "It might seem crazy what I'm about to say" becomes "Itmightseem7CrazywhatI'mabout56to$ay"
  - Fairly easy to remember, but far stronger than a typical complex password such as 79RtiO)m^B or something similar
- Consider using a password safe or manager such as LastPass or KeePass
- Change your password or passphrase regularly
- Be sure you're on the correct website before entering your password or passphrase
You won't do these things we're asking you not to do, will you? (Your answer should be NO.)
- Don't include your username or account number in your password or passphrase
- Don't use the same password for multiple services
- Don't use a single word, in any language
- Don't use consecutive repeating characters or a number sequence
- Don't use your pet's name
- Don't use your birthdate, address, phone number, or any other type of information someone can easily obtain
- Don't share your password or passphrase
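For security staff who want to show the "length is more important than complexity" point with numbers, here is an added example (not part of the original campaign material) that scores the two sample passwords above and applies the mechanically checkable dos and don'ts. The function names, the three-character run threshold, and the "jsmith" test account are assumptions made for illustration.

```python
import math
import string

CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)

# Both sample values are the ones quoted in the post above.
PASSPHRASE = "Itmightseem7CrazywhatI'mabout56to$ay"
COMPLEX = "79RtiO)m^B"

def search_space_bits(pw):
    """Brute-force search space in bits: length * log2(size of the classes used).
    An upper bound only; it ignores dictionary and known-phrase guessing."""
    alphabet = sum(len(cls) for cls in CLASSES if any(c in cls for c in pw))
    return len(pw) * math.log2(alphabet) if alphabet else 0.0

def has_run(pw, run=3):
    """True if `run` identical characters or `run` consecutive digits
    (ascending or descending) appear. run=3 is an assumed threshold."""
    for i in range(len(pw) - run + 1):
        chunk = pw[i:i + run]
        if len(set(chunk)) == 1:
            return True
        if all(c in string.digits for c in chunk):
            steps = {int(b) - int(a) for a, b in zip(chunk, chunk[1:])}
            if steps in ({1}, {-1}):
                return True
    return False

def check(pw, username=""):
    """Return the list of rules from the post that `pw` breaks."""
    problems = []
    if len(pw) < 8:
        problems.append("fewer than 8 characters")
    if not all(any(c in cls for c in pw) for cls in CLASSES):
        problems.append("missing upper/lower/number/symbol mix")
    if username and username.lower() in pw.lower():
        problems.append("contains username")
    if has_run(pw):
        problems.append("repeating characters or number sequence")
    return problems

if __name__ == "__main__":
    for pw in (PASSPHRASE, COMPLEX, "jsmith1234"):  # last value is constructed
        print(f"{pw!r}: {search_space_bits(pw):.0f} bits, {check(pw, 'jsmith')}")
```

Both samples pass every rule, but the 36-character passphrase has a brute-force search space of roughly 236 bits against roughly 66 bits for the 10-character complex password.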
- Remember the first rule for #passwords: Never share your passwords, passphrases, or PINs with anyone! #StrongPasswords
- Create long, strong #passwords that are 8 characters or more & use upper/lower case letters, numbers & symbols. #StrongPasswords
- Create easy-to-remember #passphrases by choosing 4 or more words & mixing in numbers or symbols. #StrongPasswords
- Use a #password manager to securely store online passwords. Learn more about password manager tools: http://www.educause.edu/library/resources/password-managers #StrongPasswords
- Change your passwords or passphrases frequently and don't use the same password for multiple sites! #StrongPasswords
- Sing along with us! #StrongPasswords are necessary to protect your personal devices & info! http://www.youtube.com/watch?v=YyrYVZ-oxVQ
Ask staff to add a tip to their e-mail signature block and link to your institution's password, passphrase, or two-factor authentication guidelines.
Chief Information Security Officer
University of XYZ
Create strong passwords or passphrases for each online account. Learn more. [Link "Learn more" to your institution's password tips or link to this advice about Passwords & Securing Your Accounts.]
Or use this favorite: "Passwords are like toothbrushes: don't share them, and change them periodically!"
Embed or Share Videos
Share these resources with end users or use them to inform your awareness strategy.
- Change Your Password (poster) [Use something like this for caption above and link picture to Pinterest post.]
- Learn more about passwords and securing your accounts from StaySafeOnline.org. Or secure your account using two-factor authentication.
- Recommendations for 7 Bad Password Habits to Break Now.
- Experiment with password length and composition using Password Haystacks: How Well Hidden Is Your Needle?
- Consider whether a password manager tool is right for you.
Brought to you by the Awareness and Training Working Group of the EDUCAUSE Higher Education Information Security Council (HEISC).
© 2016 EDUCAUSE. This EDUCAUSE Review blog is licensed under the Creative Commons BY-NC-SA 4.0 International license.