So You Think You Have a Smart Password?

By Bruce Harmon, Ph.D., Program Director for Computer Science

Data Privacy Day is held annually on Jan. 28 to raise awareness and empower people to protect their privacy and control their digital footprint. Colorado Technical University (CTU) is committed to promoting privacy awareness and has partnered with the National Cyber Security Alliance to help spread the word about this important issue. In this blog, CTU faculty share their insights and tips to keeping your digital identity safe.

CTU Computer Science Degree - Safe PassowrdsIn previous posts, I’ve written about potential security threats you face when it comes to protecting your computer systems and data. In this post, we get personal as I share ideas for protecting your personal assets from digital vulnerabilities.

Lock down passwords

The explosion of online activity has increased the need for password-protected access to your personal information. It’s also increased the ease at which criminals can steal your private and sensitive data. To be protected and reduce risk of digital theft, you must practice effective password construction and maintenance for all your many systems and accounts.

It’s true. Remembering a unique, strong password for every online account you own is tough. A commentator on CBS Sunday Morning recently had a great deal of fun with the impossibility of the task. Having simple, low security passwords for some online accounts – for example, access to digital newspapers – is acceptable, and only if the consequence of a hacker or a criminal accessing your account is minimal. But for many of your accounts, especially those that house highly personal data like credit card information, personal photos and contact information, you should establish strong, difficult passwords.

Outwit criminals

Cyber-attackers typically use automated tools to crack passwords and gain access to personal accounts. For instance, they might search your Facebook page or conduct other forms of espionage to gain critical insight into your personal world. This includes sending you an email message with the intent to obtain access to your email account, a practice called “spear phishing.”  That’s why it’s important to never use a familiar name, word or date that is easily discoverable. In fact, don’t use any of these at all. Many automated password-cracking tools use a dictionary to generate potential passwords.

One suggestion is to create passwords based on obscure phrases that you would remember, but taking a letter from each word in the sequence of the phrase and substituting special characters and numbers for the letters from time to time. For example, the phrase: Bacon Lover might be converted to: |3@coN_1oV3r. Passwords that include variations in lowercase versus uppercase letters and also include special characters are the most difficult to crack.

Store passwords – securely

When you have a variety of complicated passwords across multiple websites, you may feel inclined to put all that information into an easily accessible file on your computer. Don’t do it! Remember, if it’s easily accessible to you, it’s just as accessible to criminals who can plant a program on your computer that inspects and lifts data from your files. If you must, write the passwords on a sheet of paper and secure that in a safe.

The best way to protect yourself is to to imagine cyber-criminals are out to get you! The aftermath of a digital attack can be devastating. What steps must you take to ensure that you don’t become a victim?


CTU Faculty - Bruce HarmonBruce Harmon, Ph.D., is Program Director for Computer Science at Colorado Technical University. He earned a Ph.D. in Electrical Engineering with a minor in Computer Science from the University of Colorado and his M.S. in Aeronautical Engineering from Purdue University. He earned a B.S. in Aeronautical Engineering at the United States Air Force Academy. After nine years in the Air Force, he worked in defense and later at top-tier commercial companies for 17 years both in research and executive leadership positions. Learn why he’s IN.

 

CTU - Data Privacy Day Champion

Stay in the know! Subscribe to CTU’s blog and receive fresh updates directly to your inbox. Join us!


Image credit: Flickr/formalfallacy @ Dublin (Victor)


Terms and Conditions By providing your mobile number, you agree to receive text messages from Colorado Tech via its mobile text message provider.  You may opt out of receiving messages by texting the word STOP to 94576, or simply reply with the word STOP to any text message you receive from Colorado Tech. While CEC or its mobile text message provider will not charge end users for receiving/responding to promotional messages, depending on the terms of your mobile phone plan, you may incur a cost from your mobile service carrier to receive and respond to any promotional text messages (standard messaging and data rates/fees and other charges may apply).  Charges will appear on your mobile phone bill or will be deducted from pre-paid amounts.  Current participating/supported carriers are: Alltel, AT&T, Boost, Cellcom, Cellular One, Cellular South, Cincinnati Bell, Cricket, Element Wireless, Golden State Cellular, iWireless, Metro PCS, Nextel, nTelos, Plateau Wireless, Sprint, T-Mobile, US Cellular, Verizon Wireless, Viaero Wireless, Virgin, and more.×