This article has been retired from circulation and is no longer being updated or maintained. The information contained in this article may be inaccurate and outdated. Please refer to our articles page for a list of current topics.
The Importance of Strong Passwords
Your first line of defense on the Web is creating the strongest password possible to protect your computer, your data and your online accounts. That may sound like common sense, but hackers have become increasingly sophisticated at password “cracking.” What may have been considered a strong password a year ago may now be considered an open window to your computer. Internet security is based on a “weakest link” principle; hackers are constantly searching to find the weakest link possible to give them access to a network or computer. Often that weak link is a weak password.
There are a number of dos and don’ts when creating and managing your passwords. Here are some basic guidelines you can follow.
- Use both upper- and lower-case letters
- Incorporate numbers or punctuation marks
- Use at least one of these special characters: ! @ # $ % * ( ) - + = , < > : : “ ‘ .
- Make it at least 8 characters long.
- A strong password does NOT, in any way, use your personal information, such as name, phone number, Social Security number, birth date, address or names of anyone you know.
- Come up with something you can remember easily, but would be virtually impossible for anyone else to guess.
So, what can happen when you don’t have a strong password? If someone else is able to guess or crack your password, you give them access to your e-mail or IM messages, your bank accounts, your research, your contact lists or anything else you may have on your computer. They could start to alter or destroy files or even overtake your computer and turn it into a zombie. (A zombie computer is one overtaken by a hacker and used to perform malicious tasks, such as sending out large amounts of spam.)
There are a lot of techniques being used to steal passwords. Some of the most common include:
- Guessing. There are a number of programs designed to guess a user’s password based on information found online about the user, such as names, birth dates, names of friends or significant others, pet names or license plate numbers. They can even search for a word spelled backwards.
- Dictionary-based attacks. Programs and software also exist that will run every word in a dictionary or word list against a user name in hopes of finding or guessing a password.
- “Brute Force” attacks. This attack method refers to trying every conceivable combination of key strokes in tandem with a user name to find the password. There are programs that can run brute force attacks very quickly. The best way to beat a brute force attack is to have a long and complex password, using upper and lower case letters, numbers, special characters and punctuation marks.
- Phishing. This is a common scam technique where a hacker will send out an urgent IM or e-mail message designed to alarm or excite users into responding. These messages will appear to be from a friend, bank or other legitimate source directing users to phony Web sites designed to trick them into providing personal information, such as their user names and passwords.
- “Shoulder surfing.” Be careful when logging on to a computer in public, such as a computer lab, cybercafé or library. There may be hackers lurking around for the express purpose of watching people enter their user names and passwords. It’s a good idea to have a password you can enter quickly without looking at the keyboard.
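The guidelines above, together with what the guessing and dictionary techniques look for, can be checked automatically when a password is chosen. The following is an added example, not part of the original article; the function name, the small word list and the sample personal details are constructed for illustration.

```python
import re
import string

# Special characters from the guideline list (ASCII quotes stand in for the curly ones).
SPECIALS = set("!@#$%*()-+=,<>:\"'.")
# Constructed stand-in for a real dictionary or word list.
SAMPLE_WORDS = {"password", "dragon", "longhorn", "welcome", "sunshine"}


def check_password(password, personal_info=(), words=SAMPLE_WORDS):
    """Return the guideline violations found; an empty list means none."""
    problems = []
    if len(password) < 8:
        problems.append("shorter than 8 characters")
    if not (any(c.islower() for c in password) and any(c.isupper() for c in password)):
        problems.append("needs both upper- and lower-case letters")
    if not any(c.isdigit() or c in string.punctuation for c in password):
        problems.append("needs a number or punctuation mark")
    if not any(c in SPECIALS for c in password):
        problems.append("needs one of the listed special characters")

    lowered = password.lower()
    # Drop separators so "Lo-pez" style padding does not hide a name or date.
    squashed = re.sub(r"[^a-z0-9]", "", lowered)
    for item in personal_info:
        for token in re.split(r"[^a-z0-9]+", item.lower()):
            # Guessing programs also try the value spelled backwards.
            if len(token) >= 3 and (token in squashed or token[::-1] in squashed):
                problems.append(f"contains personal information: {item}")
                break

    # A dictionary word with digits or symbols bolted on is still a dictionary word.
    letters = re.sub(r"[^a-z]", "", lowered)
    if letters in words or letters[::-1] in words:
        problems.append("is a dictionary word (possibly reversed) with decoration")
    return problems


if __name__ == "__main__":
    info = ["Maria Lopez", "1990-04-12"]  # constructed personal details
    for candidate in ["Password1!", "Zepol#1990x", "Tr4il-Mix&Kettle"]:
        print(candidate, "->", check_password(candidate, info) or "no violations")
```

In practice, pass a full word list as `words` and the account holder's known details as `personal_info`.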
Keep in mind that protecting your computer and accounts with strong passwords also protects other users when connected by a network. For instance, just about every student, faculty member and staff member at The University of Texas at Austin regularly accesses the university network. If one password is breached, all of the computers on the network are put at potential risk for hackers, viruses or worms. We each need to do our part to protect computing resources at the university. Just remember, a network is only as strong as its weakest password.