keepitsafe.auburn.eduBuild a Better Password

Skip to Navigation Skip to Content Students Parents Employees Administration Apply Now Give Libraries Map AU Access Toggle Search Apply Libraries Give AU Access Map A-Z Find People A-Z | People Finder -- Toggle navigation Toggle Search Area National Cybersecurity Awareness Month Cybersecurity Center About Auburn About Auburn University Auburn at a Glance History of Auburn University Vision and Mission Statement Auburn Creed Visitors Guide to Campus About the Area Traditions Doing Business with Auburn Office of Institutional Research Academics Academics Office of the Provost Academic Calendar Majors Core Curriculum Libraries Course Schedule Advisement Schedule Final Exam Schedule Auburn Online Programs Financial Aid Registration Schedule Office the Registrar Auburn Bulletin Colleges and Schools College of Agriculture College of Architecture, Design & Construction Raymond J. Harbert College of Business College of Education Samuel Ginn College of Engineering School of Forestry and Wildlife Sciences Graduate School Honors College College of Human Sciences College of Liberal Arts School of Nursing Harrison School of Pharmacy College of Sciences and Mathematics College of Veterinary Medicine Admissions Admissions APPLY NOW Check Application Status Undergraduate Admissions Graduate Admissions Pharmacy Admissions Veterinary Medicine Admissions Distance Ed Outreach Outreach About Outreach Administration AuburnServes Auburn Online Center for Educational Outreach Engagement Development Encyclopedia of Alabama Extension Faculty Engagement Give to Outreach Government Economic Development Institute Office of Professional Continuing Education Office of Public Service Osher Lifelong Learning Institute Outreach Activity/CEU Reporting Outreach Global Research Research About Auburn Research Research Administration Work with Auburn Research Find Auburn Expertise Research Resources Research Facilities Centers & Institutes Contact Us Graduate Research Undergraduate Research Find Funding This is Research - Symposia Students Alumni Parents Employees Administration Building a Better Password Create Complex Passwords Whenever you create a new password, make sure it’s complex. That means it should contain a mix of uppercase and lowercase letters, numbers, and special characters. It should also be something that is not easy to guess or find out about you online such as your birthday, anniversary, pet’s name, or school mascot. You should also avoid repeated or sequential numbers or letters such as ‘aaaa’ or ‘5678’. Another way to increase the complexity is to use a pass phrase instead of a pass word . Instead of a single complex word or jumble of letters, a passphrase contains multiple words, whether real or nonsensical. Those words can be random, or they can form a sentence. Passphrases can also contain spaces, which significantly increase the strength. According to useapassphrase.com, the password ‘wareagle!’ would take less than 1 second to crack. But by adding a space and making it ‘war eagle!’, then the cracking time increases to an hour. Neither of these examples is truly complex enough to protect your data, but one is clearly stronger than the other. Passphrases can also be complex even if the individual words are not. You still don’t want to use easily guessable words, like the name of each of your pets’ names, but you can use real words that are meaningful to you. For instance, those Auburn Fans who witnessed the 2013 Iron Bowl could set their password as ‘1 second 109 yards’ and useapassphrase.com estimates that it would take 25 centuries to crack. There are many ways to make a complex password – you just have to find the one that works for you. Use 12 or More Characters You may have heard the phrase, “a long password is a strong password.” Many systems require you to create a password of at least 8 characters. However, the new standard is to have at least 12 characters in your password with some entities suggesting 16 or more. And as long as you don’t just add ‘1234’ or ‘!!!!’ to the end of your existing password, then those 4 additional characters can make a big difference. If you consider a 4-digit pin for a phone or a debit card, there are 10,000 potential combinations of numbers. If you pick an 8-digit numeric password, it will be 1 of 100,000,000 possibilities. Adding JUST uppercase and lowercase letters gives you more than 2 million times as many combinations. That seems pretty unhackable, but it’s not. There are computers that can run through those 200 trillion variations in less than 30 minutes. But a 12-character password, especially one that uses uppercase and lowercase letters, numbers, and special characters, has over 200 million times more combinations that are possible. That’s nearly 300 sextillion available variations. Now that’s a lot of numbers to try to comprehend, so let’s look at this a little differently. If we talk about this in terms of milliseconds, which is one thousandth of a second, 10,000 would be exactly 10 seconds while 100,000,000 is a little more than 1 day. Looking at the higher numbers, 200 trillion milliseconds would be over 6 thousand years and 300 sextillion would be around 9.5 trillion years. It’s important to note that a computer running the right program takes a lot less than 1 millisecond to test a password, so eventually even a complex 12-character password could be hacked just by running every combination, but that won’t happen very quickly. You’re doing yourself a favor by adding those extra characters. Use a LastPass Password Vault Now that you’re using complex, 12+ character passwords across your accounts, it will probably be difficult to keep track of them all. The good news is that you can simplify your life by signing up for a LastPass password vault. In addition to storing your passwords and security hints, LastPass can also sync across devices, suggest complex passwords, and protect your data behind multi-factor authentication like DUO. The better news is that Auburn provides free premium LastPass accounts to anyone with an @auburn.edu email address. That brings in features like using fingerprint biometrics security, granting emergency access to specific people in the event of a crisis, sharing items to several people securely, and having 1 gigabyte of encrypted file storage for scans and images of things like passports and social security cards. With all of that, you only have to remember one password - your LastPass password – so make sure it is as strong as you can possibly make it while still being able to remember it. And beyond that, make sure to turn on multi-factor authentication. Even the strongest password could potentially be hacked, so having that additional authentication method is crucial to fully protecting your information! Never Share Login Info Everyone knows that passwords are supposed to be a secret. But surely, it couldn’t hurt to share your Netflix or Amazon Prime account with someone, right? And if you’re busy during your registration time ticket, it would be fine to give your password to someone to register for you, right? WRONG. You should never, ever, under any circumstances share your login information with other people. Once someone writes down your password, whether digitally or on paper, there are countless ways for it to get out to other people. If there is a reason to grant someone access to an account you own, such as a group project where everyone needs to get into a certain email account, or some account you share with your significant other, then share the credentials through LastPass. As long as you both have accounts set up, you can grant each other access to an account or application without ever having to say or write down the password. You also get to choose whether the people you share with can actually see the password or if it just gets stored in their vaults. And should the need arise, you can revoke that access at any time. Make Every Account Unique Even if you n...