When passwords attack!

Lock up your information with a strong password.

An important part of the lab’s computer security defenses for warding off password attacks involves choosing strong passwords.

The Computer Security team continuously compiles a list of passwords from actual attacks.

The following characteristics and patterns were found in the list of passwords used in a recent attack:

  • Dictionary words, in any language, including proper names, fictional characters and movie titles.
  • Personal details, such as phone and address information. Exploiting free search sites attackers have unprecedented access to personally identifiable content fed from public records, social media sites and any site that you are a member of or that houses information you’ve entered.
  • Recognizable, repeating word and number patterns such as 123123, 123456789, Ab1ab2ab3 or words with letters swapped out by numbers such as Gr8ist and thri11er.
  • Adjacent keyboard keys such as qwerty,!@#$%, or uiop.
  • Identifiable, dissimilar word and number combinations such as turtlelime20 or yahooSerious1972.

The strongest passwords are often difficult to memorize, long, complex and unpredictable. A safe password format includes a mix of upper and lower case letters, symbols and numbers with more than six characters (ideally fifteen). Good examples of strong passwords include Xi8*76#NEx or PaX171RuGBLw.

You can create a complex password that’s easier to memorize by taking a favorite quote or line from a movie and using the first letter of each word and alternating upper and lower cases along with non-sequential numbers.

Whatever method you choose, keep in mind that the best defense against those trying to gain access to your information is to keep your password complex.

— Mark Leininger