So You Think You Have a Smart Password?
By CTU Faculty
Data Privacy Day is held annually on Jan. 28 to raise awareness and empower people to protect their privacy and control their digital footprint. Colorado Technical University (CTU) is committed to promoting privacy awareness and has partnered with the National Cyber Security Alliance to help spread the word about this important issue. In this blog, CTU faculty share their insights and tips for keeping your digital identity safe.
In previous posts, I’ve written about potential security threats you face when it comes to protecting your computer systems and data. In this post, we get personal as I share ideas for protecting your personal assets from digital vulnerabilities.
Lock down passwords
The explosion of online activity has increased the need for password-protected access to your personal information. It’s also increased the ease with which criminals can steal your private and sensitive data. To be protected and reduce the risk of digital theft, you must practice effective password construction and maintenance for all your many systems and accounts.
It’s true. Remembering a unique, strong password for every online account you own is tough. A commentator on CBS Sunday Morning recently had a great deal of fun with the impossibility of the task. Having simple, low-security passwords for some online accounts – for example, access to digital newspapers – is acceptable, but only if the consequence of a hacker or a criminal accessing your account is minimal. But for many of your accounts, especially those that house highly personal data like credit card information, personal photos and contact information, you should establish strong, difficult passwords.
Cyber-attackers typically use automated tools to crack passwords and gain access to personal accounts. For instance, they might search your Facebook page or conduct other forms of espionage to gain critical insight into your personal world. This includes sending you an email message with the intent to obtain access to your email account, a practice called “spear phishing.” That’s why it’s important to never use a familiar name, word or date that is easily discoverable. In fact, don’t use any of these at all. Many automated password-cracking tools use a dictionary to generate potential passwords.
One suggestion is to create passwords based on obscure phrases that you would remember, taking a letter from each word in the sequence of the phrase and substituting special characters and numbers for the letters from time to time. For example, the phrase “Bacon Lover” might be converted to: |3@coN_1oV3r. Passwords that include variations in lowercase versus uppercase letters and also include special characters are the most difficult to crack.
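The advice above to avoid familiar names, words and dates can be checked mechanically at the moment a password is chosen. The following is an added example, not part of the original post; the profile contents, the substitution table and the function names are assumptions made for illustration.

```python
import re
from datetime import date

# Common character substitutions undone before matching (assumed, not exhaustive).
LEET = str.maketrans({"@": "a", "4": "a", "3": "e", "1": "l", "!": "i",
                      "0": "o", "$": "s", "5": "s", "7": "t"})

# Constructed sample profile: details someone could learn from a public page.
PROFILE = {
    "words": ["Jordan Rivera", "Rex", "Denver Broncos"],  # name, pet, team
    "dates": [date(1984, 7, 4)],                          # birthday
}

def date_tokens(d):
    """Digit strings people commonly derive from a date."""
    dd, mm = f"{d.day:02d}", f"{d.month:02d}"
    yyyy, yy = f"{d.year:04d}", f"{d.year % 100:02d}"
    return {yyyy, mm + dd, dd + mm, mm + dd + yy, dd + mm + yy,
            mm + dd + yyyy, dd + mm + yyyy, yyyy + mm + dd}

def personal_tokens(profile):
    """Split profile entries into lowercase words (3+ letters) and date strings."""
    words = set()
    for value in profile["words"]:
        words |= {p for p in re.split(r"[^a-z]+", value.lower()) if len(p) >= 3}
    dates = set()
    for d in profile["dates"]:
        dates |= date_tokens(d)
    return words, dates

def screen_password(password, profile):
    """Return the sorted personal tokens found in the password (empty if none)."""
    words, dates = personal_tokens(profile)
    lowered = password.lower()
    # Compare letters both as typed and with substitutions undone,
    # ignoring separators such as "_" or "-".
    as_typed = re.sub(r"[^a-z]", "", lowered)
    undone = re.sub(r"[^a-z]", "", lowered.translate(LEET))
    digits = re.sub(r"\D", "", password)
    hits = {w for w in words if w in as_typed or w in undone}
    hits |= {t for t in dates if t in digits}
    return sorted(hits)

if __name__ == "__main__":
    for candidate in ["R3x_0704!", "d3nv3r-Br0nc0s", "|3@coN_1oV3r"]:
        print(candidate, "->", screen_password(candidate, PROFILE) or "no personal details found")
```

An empty result only means that none of the listed personal details appear in the password; it is not a measure of overall strength.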
Store passwords – securely
When you have a variety of complicated passwords across multiple websites, you may feel inclined to put all that information into an easily accessible file on your computer. Don’t do it! Remember, if it’s easily accessible to you, it’s just as accessible to criminals who can plant a program on your computer that inspects and lifts data from your files. If you must, write the passwords on a sheet of paper and secure that in a safe.
The best way to protect yourself is to imagine cyber-criminals are out to get you! The aftermath of a digital attack can be devastating. What steps must you take to ensure that you don’t become a victim?
Image credit: Flickr/formalfallacy @ Dublin (Victor)