FAQ: Password Security

This article explains how to create strong, secure, and safe passwords, as well as addressing some of the common misconceptions about passwords.


What are IC's password requirements?

Passwords must:

  • Be between 11 and 128 characters
  • Consist of a combination of letters, numbers and one or more special characters, such as ! % * + - ? _
  • Not contain your username or certain commonly used words.
  • Not be a password that you've ever used before at IC or elsewhere, and must not be reused elsewhere in the future.

How do I create a secure password?

  • Longer is better. The more characters in your password, the harder it is to crack.
  • If you use a password manager, consider generating a very long (30+ character) string of random letters, numbers, and symbols for your password. The password manager will store the password, so you can easily use a different random string of gibberish for every website.
  • Use a string of words, either a sentence with punctuation or a collection of random words, to make your password easier to remember than a random mix of letters or numbers. This is known as a pass-phrase. Keep in mind that a common phrase or sentence from existing literature is easier for an attacker to guess. You can use websites like Diceware to generate random combinations of words.
  • One technique to create strong, easy-to-remember passwords is to use the first letter of each word, including punctuation, in a sentence. Choose a sentence with some capitalized proper nouns, at least one number, and some punctuation. For example, '17 will be Ithaca's year at Cortaca!' becomes the password '17wbIy@C!'
  • Don’t rely on obvious substitutions of symbols and numbers for letters, which attackers have long since picked up on. “App1e” or “App!e” is no more secure than “Apple”.
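The requirements listed above, together with the point about obvious substitutions, can be expressed as a checker. This is an added example, not IC's own validation code: the common-word list is a constructed sample, the substitution table is an assumption, and any character that is neither a letter nor a digit is assumed to count as special. The rule about never reusing a password cannot be checked locally and is left out.

```python
# Constructed sample list; the page does not publish the actual banned words.
COMMON_WORDS = {"password", "apple", "welcome", "ithaca", "qwerty"}

# Obvious symbol/number-for-letter swaps (assumed table). "1" and "!" can
# stand for either "i" or "l", so both readings are tried.
BASE = {"0": "o", "3": "e", "4": "a", "@": "a", "5": "s", "$": "s", "7": "t"}
VARIANTS = [str.maketrans({**BASE, "1": c, "!": c}) for c in "il"]


def normalized_forms(text):
    """Lower-case the text and undo common substitutions: 'App1e' -> 'apple'."""
    lowered = text.lower()
    return {lowered} | {lowered.translate(table) for table in VARIANTS}


def check_password(password, username):
    """Return a list of rule violations; an empty list means it passes."""
    problems = []
    if not 11 <= len(password) <= 128:
        problems.append("length must be between 11 and 128 characters")
    if not any(c.isalpha() for c in password):
        problems.append("needs at least one letter")
    if not any(c.isdigit() for c in password):
        problems.append("needs at least one number")
    # Assumption: anything that is not a letter or digit counts as special.
    if all(c.isalnum() for c in password):
        problems.append("needs at least one special character")
    forms = normalized_forms(password)
    if username and any(username.lower() in form for form in forms):
        problems.append("contains the username")
    hits = sorted(w for w in COMMON_WORDS if any(w in form for form in forms))
    if hits:
        problems.append("contains common word(s): " + ", ".join(hits))
    return problems


if __name__ == "__main__":
    # Constructed candidates, checked for a hypothetical user "jdoe".
    for candidate in ["App!e-App1e-2024", "17wbIy@C!", "correct-Horse-7-battery"]:
        print(candidate, "->", check_password(candidate, "jdoe") or "OK")
```

Run against the sample above, '17wbIy@C!' is 9 characters, so a sentence used for an IC password needs enough words and punctuation to reach the 11-character minimum.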

How can I remember all of my different passwords?

Fortunately, you do not need to keep track of a dozen different, complicated passwords in your head. A password manager is software that securely stores all of your passwords, so you can log in to all of your accounts without needing to memorize many different passwords.

There are many free and secure password managers, each with browser extensions, mobile apps, secure password generators, and other useful features. The Wirecutter has an excellent, easy-to-understand overview of the different options along with recommendations.

What must I do to keep my passwords safe?

  • Create a unique password for your Ithaca College account and never use it elsewhere.
  • Do not share passwords with anyone! IT will never ask you for your password.
  • Do not write your passwords down on a sticky note or piece of paper where others could see them.
  • Do not store passwords in an unencrypted or plain text file on your computer.
  • Ensure no one can see your password while you are typing it!

Details

Article ID: 86
Created: Thu 8/3/17 1:11 PM
Modified: Thu 3/2/23 2:21 PM