
Strong Passwords

To log into a system, you authenticate with a username and password. Usernames provide no protection since they are typically some form of your name or part of your email address. The security of your account rests on what password you choose.

Crackers (known to some as “hackers”) may try to guess your password to gain access to your account. You may be thinking to yourself, “No one would try that with my account.” You might be surprised. Identity theft appears in the news more and more often. If your account contains personal information about yourself or gives access to information about others, you are a target.

Some people will try to gain access to your account just to cause trouble. Your email may not seem that important to you, but if someone were to send offensive emails around campus, who do you think gets questioned?

Let’s look at some common passwords that crackers try to find. The following is a list of easily guessed passwords:

  • “password”, “qwerty”, “123456”: these are normally the first guesses
  • Your name, relative’s name, pet’s name: These are names that many other people know. Remember the movie “WarGames”? Yes, it is only a fictional story, but still... in it, Matthew Broderick almost caused global thermonuclear war with an account that had the password set to the user’s son’s name. (A little trivia: What was the password? No cheating now! Put away that search engine....)
  • Any dictionary word or combination of two: Dictionary attacks are one of the first methods a cracker will try, and they take only minutes to run. This includes passwords that are a word followed by a number (e.g. puppydog14). Even non-English words can be cracked by a dictionary attack.
  • Short passwords: With modern computers, it only takes a couple of minutes to crack a six-character password, even one that uses a combination of numbers, lowercase letters, uppercase letters, and special characters.

So what constitutes a strong password? Let’s start with a list of the basics:

  • 8 or more characters in length
  • Uses a combination of numbers, upper-case letters, and lower-case letters
  • Not a dictionary word
  • Not based on your personal information
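
The two lists above, turned into a checker that could run when a password is set. This is an added example, not part of the original article: the word list, the pet name "Rex" and the function names are constructed for illustration, and a real check would load a full dictionary.

```python
import re

# Constructed sample data (assumption): a real check would load a full
# dictionary file and the account holder's actual details.
WORDS = {"password", "qwerty", "puppy", "dog", "rusty", "cage", "desperado"}
FIRST_GUESSES = {"password", "qwerty", "123456"}

def is_dictionary_based(core, words):
    """True if core is a single word or two words run together."""
    if core in words:
        return True
    return any(core[:i] in words and core[i:] in words
               for i in range(1, len(core)))

def check_password(password, personal=(), words=WORDS):
    """Return the rules from the lists above that the password breaks."""
    problems = []
    lowered = password.lower()
    if lowered in FIRST_GUESSES:
        problems.append("common first guess")
    if len(password) < 8:
        problems.append("shorter than 8 characters")
    classes = (r"[0-9]", r"[A-Z]", r"[a-z]")
    if not all(re.search(c, password) for c in classes):
        problems.append("missing a number, upper-case or lower-case letter")
    # Drop trailing digits so a word followed by a number is still caught.
    core = lowered.rstrip("0123456789")
    if core and is_dictionary_based(core, words):
        problems.append("dictionary word or combination of two")
    if any(p and p.lower() in lowered for p in personal):
        problems.append("based on personal information")
    return problems

if __name__ == "__main__":
    # "Rex" is a constructed pet name standing in for personal information.
    for candidate in ("password", "123456", "puppydog14", "Rexford2024", "rU5tYcag3"):
        result = check_password(candidate, personal=("Rex",))
        print(candidate, "->", result or "passes the basics")
```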

Now we have a good start. Any harder rules, and you'd never remember the password, right? Well, here’s something that might help you... try using a mnemonic aid. While writing this, I’m listening to the radio and a song I know just finished, “Rusty Cage” by Johnny Cash. So let’s use that song to form a strong password.

We’ll start by combining the words, “RustyCage”. That’s 9 characters, and is easy to remember. Now let’s change the capitalization around, “rUstYCage”. It looks stronger already! Just to add a little more complexity, let’s use what is known on the Internet as “leet-speak.” We can replace letters with similar looking numbers (4 – A, 5 – S, 1 – I, 0 – O, 3 – E and so forth) or even substitute for entire words, “rU5tYcag3”.

Okay, that password shouldn’t be too hard to remember, and it hopefully gets the point across on how easy it can be to create a stronger password. Let’s look at a few more examples:

  • Mean Eyed Cat -> meaNeyeDcaT -> m34NeyeDcaT -> m34neyeDc@T
  • Desperado -> DesPerAdo -> DesP3rAd0 (that's a zero) -> De$P3rAd0
It may take a little getting used to, but it isn’t hard once you get a feel for it. Since these examples are now public knowledge, though, please don’t use them! Speaking of that, passwords should never be written down, shared with others, sent in emails, or otherwise disclosed. If they are, they should be treated as compromised and be changed as soon as possible.

For more information on passwords at Park University, please see the Password Policy in the Policies and Procedures section of this website.