Want a better password? Follow these eight tips

The internet is a powerful tool, and an integral part of our lives as faculty, staff and students at McMaster.

While we rely on unfettered access to information, we also need to recognize that there are threats to our security online.

Cyber security is a shared responsibility, and participation from the McMaster community is required in order to help prevent some of the dangers lurking in the dark corners of the web.

October is Cyber Security Awareness Month, and McMaster IT Security has joined the campaign with a focus on passwords — the most basic and widely used mechanism for securing information on the internet. It is vitally important to maintain good password practices.

Here are eight ways to manage and maintain your passwords securely:

Create long passwords

A longer password is always harder to crack. For example, a six-character password can take as little as 11 hours for a computer to guess, while a nine-character password could take up to 10 years for a computer to hack. Try to use a password that is eight to 12 characters long.

Create strong passwords

Use all the character types that are supported by the system. Increasing the password complexity is another great way to lengthen the time it would take a computer to guess your combination. Also, never use common letter or number combinations, words or phrases — for example, do not use your birthday or username in your password.

Never share your passwords

Seriously, do we even have to explain this one? Your passwords allow you to access private, sensitive information. Nobody should ever know your passwords.

Never reuse your passwords

If you inadvertently share the password to access your email, would that put your banking information at risk? Be safe, and don’t reuse your passwords. Choose a new password for every account you create, and use a password manager to keep track of them. Which brings us to the next point …

Use a password manager

You have a lot of passwords to remember — from email to banking to your MacID, and other sites in between. Password managers are applications that keep track of your passwords for you, making it easier to keep your information protected by long, strong and unique passwords. LastPass is a great example of a password manager.

Use two-factor authentication

Two-factor authentication (also known as 2FA) requires users to provide more than just a password to access their information. An individual’s identity can be authenticated using any of these factors:

  • Something they know (e.g., a password)
  • Something they have (e.g., a phone)
  • Something they are (e.g., a fingerprint)

Two-factor authentication requires the individual to provide two of these unique identifiers in order to access their information.

To find out which popular web services offer 2FA as an authentication option, review the list.

Manage your password recovery process

Most internet services offer a self-service password recovery process. This usually involves some combination of an email, an SMS or a secret question. Make sure you understand and properly configure the password recovery process for the web sites that are important to you. We recommend using the recovery option that sends a reset code to your phone, if it is available. Avoid using the secret questions if other options are available.

Change your password if you suspect it has been compromised

Whether someone peered over your shoulder or your favourite online forum was hacked, it’s a good idea to change a password if you think it has been compromised. You can change your MacID password anytime using the self-service portal.
