World Password Day

World Password Day is an annual event on the first Thursday in May meant to raise awareness about the importance of using strong passwords to protect oneself online.

In just the time it takes to read this sentence,
that uncomplicated password can be hacked.

The chart below demonstrates how it becomes exponentially more difficult for a hacker to guess your password the longer and more complex you make it.

Time it takes a hacker to brute force your password in 2023 based on password complexity.
Password table courtesy of Hive Systems https://www.hivesystems.io/password

Unique Passwords = Better Defense

Our passwords and PINs protect all kinds of important and sensitive data. These best practices can help keep your passwords and PINs safer. 

  • Create longer passwords and passphrases. University passwords must be at least 12 characters long, but you can use up to 127 characters! (It would take centuries to crack a password of that length.) The longer the password, the more secure it is. Try one of these strategies for creating longer passwords and passphrases:
  • Put together three or four random words, like “provoke-pedigree-ion-clutter,” then add capital letters, numbers, or special characters as required.
  • Make up a story. For example, imagine a famous person visiting the website that you’re using, and how they would use that site. Create a password based on your story.
  • Abbreviate a phrase unique to you. For example, from the phrase I kicked my computer 23 times today for not working right, you could create the password “Ikmc23tt4nwr” by using the first letter of each word.
  • Consider using a reputable password manager. The average American has somewhere between 70 and 150 online accounts that require a password. A password manager can remember all those unique passwords for you. Password managers safely store and manage usernames, passwords, PINs, and other data for your accounts and devices. They make it easy to log in to websites using just one master password. 

More Tips

login screen where one enters a password with the call to action, "Make It Unique"

Keep your personal data protected with better password practices

  • Create a strong, unique password and PIN for every account and device. Having unique passwords everywhere means that if one password or PIN is stolen or exposed, an attacker can’t use it to get into other accounts or devices too. This helps keep your other accounts and devices safer.
  • Don’t write down your passwords or PINs, and make sure to shield your keyboard or keypad from others when you log in. Don’t share your passwords, the answers to password reset questions, or multi-factor authentication codes sent in text messages. University IT staff will never ask you for your passwords or multi-factor authentication codes.
     
  • Avoid including your birthday or date, address, or phone number in your password. And skip the song lyrics, famous phrases, and quotations. All that information is easy to find elsewhere and makes your password easier to guess.  
     
  • Multi-factor authentication (MFA) requires a physical item [a mobile phone or a hardware authentication device that plugs into a USB port]. Cybercriminals can’t access an account if they have the password but not the associated MFA device. Gain an extra level of protection and begin using MFA (Duo app) if you haven’t already. Learn more about supplementing passwords from the Cybersecurity & Infrastructure Security Agency (CISA) 
     
  • Always log out when using a shared or public computer. With the right browser settings in place, anyone may be able to discover your passwords. 
     
  • Check out the university’s easy and free online cybersecurity training.