Minnesota State University, Mankato

Password Security

Page address: https://www.mnsu.edu/its/security/blog/2016-01-27-passwords.html

 by Tim DeWeese

Passwords are at the center of our digital lives. They are the keys that protect our most sensitive and valuable files and accounts. It is important to understand what makes a good password and to use best practices to limit your risk of compromise. When it comes to passwords, we like to follow these guidelines:

· Make passwords long. A length of 12-14+ characters is suggested.
· Make passwords complex. Use uppercase, lowercase, special characters, and numbers.
· Make passwords non-personal. Avoid using things like your name, birthday, current year, current season, address, phone number, pet’s name, or other information that may be on social networking profiles, public records, or otherwise easily found or guessed.
· Use different passwords for each account. Using the same password for multiple accounts will make it easy for an attacker to compromise all of your accounts.
· Avoid using words found in a dictionary. Instead of people guessing passwords, now computers are guessing passwords. For this reason, if your password is made up of words found in a dictionary, it is very easy for a computer to guess it and gain access to your account.
· Change passwords often. It is important not to reuse passwords and to change your passwords on a regular basis.

There are many different techniques that can be utilized to create strong passwords. Below are a few examples that we recommend for creating strong passwords:

· Sentences/Passphrases
    o Using lyrics from a song or lines from a movie is a great way to create strong passwords.
    o Example: "Luke,IamYourFather5#!"
    o It would take 3 septillion years for computer software to crack this password.

· First letter of each word in a sentence
    o Pick out a sentence or two that you can easily remember and use the first letter of each word to create a strong password that looks random to everybody except you.
    o Example: "My name is Max. I attend school at Minnesota State University, Mankato." turns into MniM.IasaMSU,M.
    o It would take 46 billion years for computer software to crack this password.

· Combine random words
    o Using a combination of words that have no relation to you works great for passwords.
    o Example: UniformCloudAngleScorpion%842%
    o It would take 3 duodecillion years for computer software to crack this password.

Passwords become more secure as you add more layers of security to them. For example, if you use a password like “Mankato”, it would take about 4 minutes to be cracked. If we add an extra layer of security to our password such as numbers or special characters, we get passwords that take much longer to crack. Below are different variations of the password, “Mankato”, that make it much more secure:

· Mankato,Minnesota%4%6 (30 octillion years to crack)
· M@nkat0St@te#55! (3 quintillion years to crack)
· Mankato$98&43 (4 trillion years to crack)

Some passwords can be cracked instantly by computer software. Here is a list of the top 25 worst passwords of 2015 according to PCWorld (all of these passwords would be cracked instantly):

1. 123456
2. password
3. 12345678
4. qwerty
5. 12345
6. 123456789
7. football
8. 1234
9. 1234567
10. baseball
11. welcome
12. 1234567890
13. abc123
14. 111111
15. 1qaz2wsx
16. dragon
17. master
18. monkey
19. letmein
20. login
21. princess
22. qwertyuiop
23. solo
24. passw0rd
25. starwars
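The guidelines and the worst-passwords list above can be turned into an automated check. The following is an added example, not part of the original post: it tests a password against the length, complexity, non-personal and common-password rules, and separately estimates an exhaustive-search time. The guess rate, the function names and the password "Max.Mankato2016!" are assumptions constructed for illustration, so the estimates will not match the figures quoted above.

```python
import string

# Constructed sample: a few entries from the worst-passwords list above.
COMMON = {"123456", "password", "qwerty", "football", "letmein", "starwars"}

# Assumption: an offline attacker testing 10 billion guesses per second.
GUESSES_PER_SECOND = 10_000_000_000
SECONDS_PER_YEAR = 365 * 24 * 3600


def classes_used(pw):
    """Which of the four character classes appear in pw."""
    return {
        "lowercase": any(c.islower() for c in pw),
        "uppercase": any(c.isupper() for c in pw),
        "number": any(c.isdigit() for c in pw),
        "special": any(c in string.punctuation for c in pw),
    }


def brute_force_years(pw):
    """Years to try every string of pw's length over the classes it uses.

    This is an upper bound: word lists and personal details let real
    guessing tools succeed far sooner, which check() accounts for.
    """
    sizes = {"lowercase": 26, "uppercase": 26, "number": 10,
             "special": len(string.punctuation)}
    alphabet = sum(sizes[k] for k, used in classes_used(pw).items() if used)
    return alphabet ** len(pw) / GUESSES_PER_SECOND / SECONDS_PER_YEAR


def check(pw, personal=()):
    """Return the guidelines from this page that pw violates."""
    problems = []
    if len(pw) < 12:
        problems.append("shorter than 12 characters")
    missing = [k for k, used in classes_used(pw).items() if not used]
    if missing:
        problems.append("missing: " + ", ".join(missing))
    if pw.lower() in COMMON:
        problems.append("on the common-password list")
    problems += [f"contains personal detail {t!r}"
                 for t in personal if t.lower() in pw.lower()]
    return problems
```

A password such as the constructed "Max.Mankato2016!" gets a very large exhaustive-search estimate yet is still flagged once the owner's name is supplied as a personal detail, which is why the non-personal and dictionary guidelines matter alongside length and complexity.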