The University of Texas at Austin

Security Awareness

Keep Safe with Strong Passwords

Keep your computer, data and accounts safe with strong passwords.

To protect your computer, your data and your online accounts, make a strong password your first line of defense. Most people know that strong passwords are a good idea, but don’t realize hackers are becoming increasingly sophisticated at password “cracking.” You have to change your password frequently, and stay aware of what techniques hackers are using to steal passwords, if you want to stay ahead of the bad guys.

Internet security is based on a “weakest link” principle, and passwords are often the only thing standing between a hacker and access to your computer or the campus network. If your password is weak, you make it easier for someone to break in. Hackers make their livelihood by automating ways to continually search out the weakest link to gain access to a network or computer. Don’t let your password be the weak link!

There are real consequences to not having a strong password. If someone steals your password, they may find a way to access your e-mail or IM messages, your bank accounts, your research, your contact lists and whatever else you have on your computer. Your files may be altered or destroyed. Sometimes hackers even take over a computer and turn it into a zombie, using it to perform malicious tasks such as sending out large amounts of spam.

How Passwords Are Stolen

When you are creating a strong password, it can help to know the tactics hackers use to steal them. Here are some of the most frequently used techniques:

  • Guessing. Programs designed to guess a user’s password are common. They often use personal information found online—such as names, birth dates, names of friends or significant others, pet names or license plate numbers—as a starting point. These programs can even search for a word spelled backwards.
    TIP: It’s best to steer clear of any personally identifying information when creating a password.
  • Dictionary-based attacks. Programs and software also exist that run every word in a dictionary or word list against a user name in hopes of finding a perfect match.
    TIP: Staying away from actual words, even in a foreign language, is recommended.
  • “Brute Force” attacks. By trying every conceivable combination of key strokes in tandem with a user name, brute force attacks often discover the correct password. Programs can execute a brute force attack very quickly.
    TIP: The best way to beat such an attack is with a long, complex password that uses upper and lower case letters, numbers, special characters and punctuation marks.
  • Phishing. Phishing scams usually try to hook you with an urgent IM or e-mail message designed to alarm or excite you into responding. These messages often appear to be from a friend, bank or other legitimate source directing you to phony Web sites designed to trick you into providing personal information, such as your user name and password.
    TIP: The best advice is not to click links in suspicious e-mails, and not to provide your information unless you trust the source.
  • “Shoulder surfing.” Passwords are not always stolen online. A hacker who is lurking around in a computer lab, cybercafé or library may be there for the express purpose of watching you enter your user name and password into a computer.
    TIP: Try to enter your passwords quickly, without looking at the keyboard, as a defense against this type of theft.

Tips for Creating and Using Safe Passwords

Because every member of the university can access the campus network, it’s important to remember that protecting your computer and accounts with strong passwords also helps protect other users. If just one password used to access the campus network is breached, all of the computers connected to the network are put at risk for viruses, worms and other forms of malicious attack.

In addition to the suggestions offered above, follow these guidelines for creating and using strong passwords:

Creating a strong password:

  • Use BOTH upper- and lower-case letters.
  • Place numbers and punctuation marks randomly in your password.
  • Make your password long and complex, so it is hard to crack. Between 8 and 20 characters long is recommended.
  • Use one or more of these special characters: ! @ # $ % * ( ) - + = , < > : : “ ‘
  • To help you easily remember your password, consider using a phrase or a song title as a password. For example, “Somewhere Over the Rainbow” becomes “Sw0tR8nBO” or “Smells Like Teen Spirit” becomes “sMll10nspT.”
  • Make your password easy to type quickly. This will make it harder for someone looking over your shoulder to steal it.
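
The guessing and dictionary tips above, together with these creation guidelines, can be expressed as a self-check. The following is an added example, not code from the university or this page: the function names and the small word list are assumptions made for illustration, and the page's quote marks are taken as ASCII quotes.

```python
import re

# Special characters from the page's list (quote marks taken as ASCII " and ').
SPECIALS = set("!@#$%*()-+=,<>:\"'")
# Constructed stand-in word list; a real check would load a full dictionary.
SAMPLE_WORDS = {"password", "rainbow", "spirit", "longhorn", "welcome"}
# The page's own sample passwords, which it says not to reuse.
PAGE_SAMPLES = {"Sw0tR8nBO", "sMll10nspT"}


def _norm(text):
    """Lower-case and drop everything except letters and digits."""
    return re.sub(r"[^a-z0-9]", "", text.lower())


def _contains(core, tokens, min_len):
    """True if any token, forwards or backwards, appears inside core."""
    for token in map(_norm, tokens):
        if len(token) >= min_len and (token in core or token[::-1] in core):
            return True
    return False


def check_password(password, personal_info=(), words=SAMPLE_WORDS):
    """Return the list of guidelines the password fails (empty = passes)."""
    problems = []
    if not 8 <= len(password) <= 20:
        problems.append("length")
    if not (any(c.islower() for c in password)
            and any(c.isupper() for c in password)):
        problems.append("case")
    if not any(c.isdigit() for c in password):
        problems.append("digit")
    if not any(c in SPECIALS for c in password):
        problems.append("special")
    core = _norm(password)
    if _contains(core, personal_info, min_len=3):
        problems.append("personal")
    if _contains(core, words, min_len=4):
        problems.append("dictionary")
    if password in PAGE_SAMPLES:
        problems.append("sample")
    return problems


if __name__ == "__main__":
    # Constructed inputs: a pet name plus year, and a reversed dictionary word.
    print(check_password("Fluffy2009!", personal_info=["Fluffy", "2009"]))
    print(check_password("wobniaR#42x"))
```

An empty result only means none of the patterns named on this page were found; it is not a measure of how long the password would resist guessing.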

Using your password safely:

  • Create different passwords for different accounts and applications. That way, if one account is breached, your other accounts won’t be put at risk too.
  • Never use your UT EID password for online shopping sites or free e-mail accounts (Hotmail, Yahoo!, Gmail).
  • Change your passwords regularly, about every six months. To change your UT EID password, go to the UT EID Self-Service Tools Web site and select Change My Password.
  • Don’t share your password with anyone else. Once it’s out of your control, so is your security.
  • Never enable the “Save Password” option, even if prompted to do so. Pre-saved passwords make it easy for anyone else using your computer to access your accounts.
  • Be especially careful about saving passwords in web browsers. If you need to save your passwords digitally, be sure to use a trusted repository such as the new Stache service offered by the Information Security Office, the Mac OS keychain or a reputable third-party password management application.
  • Never walk away from a shared computer without logging off. This will ensure no other users can access your accounts.
  • Don’t use sample passwords given on different Web sites, including this one.