
Using Strong Passwords and a Password Manager

Passwords are a line of defense between your data and the outside world. Much like locking your door before leaving home, a strong password is vital for keeping your sensitive and personal data out of the hands of bad actors. With an ever-increasing landscape of online accounts, the average internet user might have over a hundred accounts. It can be tempting to re-use account credentials or make simple, easy-to-remember passwords. However, this can expose your accounts to attackers. Instead, using a password manager can keep your credentials secured in a central location for ease of use.

To help illustrate the importance of a strong password, read the following story. It is followed by tips for creating passwords.

A Tale of Many Accounts

Silvia loves her dog. She’s had him since he was a puppy, and because he’s a Dalmatian, she called him Spot. Silvia missed her dog a lot when she moved on to campus to start her biology degree. When it was time to create a password for her student email address, Silvia decided to go with Spot1!, making sure she had a number and a special character, which her university required. Later the same day, Silvia and her new roommate decided to go uptown for some pizza. Silvia parked at a meter, and downloaded the parking app, creating a new account using her student email address credentials.  

There were so many fun restaurants in her new town! Silvia and her roommate decided to try out a cool burrito place. Moving into the dorm was tough work, so Silvia ordered two burritos. The cashier told her that she could get one for free if she downloaded the Burrito Time app! Once the Burrito Time icon appeared on her phone screen, Silvia selected it, and was prompted to create an account to claim her free burrito. She could even add money directly into her account to buy burritos from the app. She used her student email credentials to sign up. Silvia enjoyed her bean burritos, and then headed back to her dorm for some much-needed rest.

When Password Reuse Backfires 

A few weeks passed, and classes began. Silvia went to log into her university email, and noticed something strange. She could no longer log in! Thinking she may have forgotten her password, Silvia chose “forgot password,” and created a new one. This time, she went for Spot2!. When she logged in, she noticed all her emails were gone. Feeling discouraged, Silvia went to buy herself a burrito to cheer herself up, but when she got to the restaurant, all her burrito bucks were gone! Silvia’s roommate recommended that she call the university’s help desk to figure out what happened to her email.  

The employee at the University Contact Center told Silvia that her email had been compromised. Together, they went through her inbox, and discovered that a bad actor had created an inbox rule to remove all incoming emails and had used her address to send over 500 emails about a “part time job” hiring students to work 4 hours a week for $500. The helpful IT (Information Technology) staff member recommended that Silvia make sure that she changed any accounts with the same credentials as her university email to have strong, unique passwords.  

The parking application used by the city’s meters had been compromised. It turns out that, by using the same email and password for three accounts, Silvia had unintentionally let a bad actor into multiple accounts. Without Multi-Factor Authentication, the hackers needed only Silvia’s email address and password to get into her email account and, from there, her many other accounts.

Learning How to Create Strong Passwords

The Help Desk assisted Silvia with setting up a password manager, a tool that would help her generate secure random passwords and store them in a convenient place. All she needed to remember was the password she set for her password manager's account! This time, Silvia decided Spot should be her dog’s name, not the keys to all her accounts. Instead, she used the following tips: 

  • Plan for a minimum of 10 characters, using special characters, capital letters, punctuation, and numbers. Not sure if your password is long enough? Hive Systems updates their recommendations for password length yearly based on current technology being used by bad actors.

  • Do not use predictable passwords such as passw0rd, 12345, or test1.  

  • This includes obvious connections to the company or brand. For example, don't use bobcat or Rufus as your OHIO password.  

  • Keyboard patterns also make weak passwords, such as qwerty or 1qaz2wsx. 

  • Consider using a phrase instead of a word. Phrases make it easier to have long passwords and can be difficult to guess if you incorporate special characters. 

  • Learn more about Ohio University's credentials policy and password requirements. 

  • Check Have I Been Pwned for information about credential and data leaks from companies and services you use.
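
The tips above can be applied as an automated check. The following is an added example, not Ohio University's own tooling: the function name `check_password`, the denylists (seeded from the examples in the tips) and the substitution table are assumptions made for illustration.

```python
import string

# Constructed denylists seeded from the examples in the tips; extend for real use.
PREDICTABLE = ("password", "12345", "test")
BRAND_TERMS = ("bobcat", "rufus")
KEYBOARD_PATTERNS = ("qwerty", "1qaz2wsx")
# Undo common character substitutions so "passw0rd" matches "password".
LEET = str.maketrans("013457@$", "oleastas")
MIN_LENGTH = 10


def check_password(candidate, personal_terms=()):
    """Return the reasons a candidate fails the tips; an empty list means it passes."""
    problems = []
    if len(candidate) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if not any(c.isupper() for c in candidate):
        problems.append("no capital letter")
    if not any(c.isdigit() for c in candidate):
        problems.append("no number")
    if not any(c in string.punctuation for c in candidate):
        problems.append("no special character or punctuation")

    # Match against both the raw and the de-substituted lowercase forms.
    forms = (candidate.lower(), candidate.lower().translate(LEET))
    groups = (
        ("predictable password", PREDICTABLE),
        ("brand or company term", BRAND_TERMS),
        ("keyboard pattern", KEYBOARD_PATTERNS),
        # Personal terms (pet names, etc.) are supplied by the caller.
        ("personal term", tuple(t.lower() for t in personal_terms if t)),
    )
    for label, terms in groups:
        for term in terms:
            if any(term in form for form in forms):
                problems.append(f"contains {label}: {term}")
    return problems


if __name__ == "__main__":
    # Constructed sample inputs: the story's password, two tip examples, one phrase.
    for pw in ("Spot1!", "passw0rd", "1qaz2wsx", "Maple-tractor-47-sings!"):
        print(pw, "->", check_password(pw, personal_terms=["Spot"]) or "passes")
```

Passing these checks only screens out the weak choices the tips name; it does not detect reuse across accounts, which is what the password manager addresses.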