Cyber security awareness month: Passwords

It seems that almost every website requires users to create a password that identifies who they are.

From institutions like McMaster to the most popular social networking sites, passwords are the most basic mechanism for protecting information.

The downside is that passwords also provide a very easy means for cyber criminals to steal your identity and your money—unless you know how to adequately protect yourself from things like shoulder surfing, phishing or malware key-loggers.

In February 2013, McMaster strengthened the requirements for MACID passwords, which will have to be changed on an annual basis.

Because passwords are often the only thing standing between cyber criminals and your private information, keeping your passwords safe and private can be a challenge, particularly when you have so many to manage. Here are some tips for securing passwords and deterring hacking:

Password length matters: it is fact that a longer password is always harder to crack. For example, a six character password can take as little as 11 hours for a computer to guess, while a nine character password could take up to 10 years for a computer to hack. UTS requires that MACID passwords be at least eight characters long
Be creative: use as many character types as possible. Increasing the password complexity is another great way to lengthen the time it would take a computer to guess your combination. Also, never use common letter or number combinations, words or phrases; for example, do not use your birthday or username in your password. MACID passwords must include at least three characters from four groups: uppercase letters, lowercase letters, numerals and symbols.
Make it unique: don’t reuse your passwords. Choose a new password for every account you create and use a password manager to keep track of them.
For your eyes only: don’t share your passwords with anyone.

UTS offers an online password change tool that can help users change their MACID passwords in less than a minute.

For more information about mass marketing fraud, please visit the Government of Canada Competition Bureau.

For more great tips and resources, visit the Get Cyber Safe website.

Also, be sure to follow McMaster IT Security on Twitter @McMaster_ITSec where we share tips, alert followers to spam that is targeting the community and link to articles related to cyber security.

Paul Muir is a system integration specialist who focuses on security, technology and risk at McMaster’s University Technology Services.

Republish this Article for Free

Republish this Article

We believe in the free flow of information. This work is licensed under a Creative Commons Attribution-No Derivs 2.5 Canada (CC BY-ND 2.5 CA), so you can republish our articles for free, online or in print.

All republished articles must be attributed in the following way and contain links to both the site and original article: “This article was first published on Daily News. Read the original article.”

It seems that almost every website requires users to create a password that identifies who they are.

From institutions like McMaster to the most popular social networking sites, passwords are the most basic mechanism for protecting information.

The downside is that passwords also provide a very easy means for cyber criminals to steal your identity and your money—unless you know how to adequately protect yourself from things like shoulder surfing, phishing or malware key-loggers.

In February 2013, McMaster <a href="http://dailynews.mcmaster.ca/article/its-time-to-upgrade-your-mac-id-password/">strengthened the requirements</a> for MACID passwords, which will have to be changed on an annual basis.

Because passwords are often the only thing standing between cyber criminals and your private information, keeping your passwords safe and private can be a challenge, particularly when you have so many to manage. Here are some tips for securing passwords and deterring hacking:
<ul>
	<li>Password length matters: it is fact that a longer password is always harder to crack. For example, a six character password can take as little as 11 hours for a computer to guess, while a nine character password could take up to 10 years for a computer to hack. UTS requires that MACID passwords be at least eight characters long</li>
	<li>Be creative: use as many character types as possible. Increasing the password complexity is another great way to lengthen the time it would take a computer to guess your combination. Also, never use common letter or number combinations, words or phrases; for example, do not use your birthday or username in your password. MACID passwords must include at least three characters from four groups: uppercase letters, lowercase letters, numerals and symbols.</li>
	<li>Make it unique: don’t reuse your passwords. Choose a new password for every account you create and use a password manager to keep track of them.</li>
	<li>For your eyes only: don’t share your passwords with anyone.</li>
</ul>
UTS offers an <a href="http://www.mcmaster.ca/uts/macid/">online password change tool</a> that can help users change their MACID passwords in less than a minute.

For more information about mass marketing fraud, please visit the <a href="http://www.competitionbureau.gc.ca/eic/site/cb-bc.nsf/eng/02775.html">Government of Canada Competition Bureau</a>.

For more great tips and resources, visit the <a href="http://www.getcybersafe.gc.ca/cnt/bt/index-eng.aspx">Get Cyber Safe website</a>.

Also, be sure to follow McMaster IT Security on Twitter @McMaster_ITSec where we share tips, alert followers to spam that is targeting the community and link to articles related to cyber security.

<i>Paul Muir is a system integration specialist who focuses on security, technology and risk at McMaster’s University Technology Services. </i>

&nbsp;

Media Enquiries

Phone: (905) 525-9140 ext. 24073
Email: comms@mcmaster.ca

The Communications and Public Affairs Office is staffed from 8:30 a.m. to 4:30 p.m. Monday to Friday.

The University has a broadcast quality television studio to facilitate live and pre-recorded interviews with media. Learn more about our experts.