It is Time to Change Your Password
Like bread, milk, and meat, passwords are highly perishable and must be kept fresh to keep from harming someone. Passwords spoil after six months, and while this is a longer shelf life than milk’s, a password is potentially more dangerous should it turn “sour.”
A compromised password not only harms you as you lose protection over and control of your account, but it can also be used in phishing attacks to compromise others – it’s the digital equivalent of unintended food poisoning.
Educause, a leading resource for information technology professionals in higher education, found that a skilled cybercriminal has the ability to crack a password with eight lowercase letters followed by four digits using the brute force method in just five hours and 48 minutes. Shorter passwords with similar complexity are even more vulnerable.
With this in mind, take 15 minutes this week and comb through your accounts, making sure to update and fortify each password that has not been changed in half a year. Then, set a calendar reminder or write down the date six months out for your next password change.
Make sure you change your password to something that is long and hard to guess. A new password won’t protect your information very well if it is something that is easily connected to you. Your college, your field of research, your hometown, and your spouse’s name are all woefully insecure passwords due in part to the prevalence of social engineering in today’s society.
Some password best practices include:
- Creating a password that is at least 12 characters long, and longer if possible.
- Including numbers, symbols, capital letters, and lower-case letters.
- Avoiding obvious substitutions like “Cycl0ne” instead of “Cyclone”.
- Creating a passphrase of four or more random words.
- Taking a sentence and abbreviating or combining some of the words to form a unique password.
- Using multi-factor authentication if and when available.
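The length, character-variety, and obvious-substitution items in this list, along with the earlier advice to avoid anything easily connected to you, can be checked mechanically. The Python function below is an added example, not code from Iowa State or any of its systems; the function name, the substitution table, and the sample terms are assumptions made for illustration.

```python
import re

# Look-alike substitutions undone before comparison (constructed table).
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s",
                      "7": "t", "@": "a", "$": "s", "!": "i"})


def normalize(text):
    """Lower-case the text and reverse the obvious substitutions."""
    return text.lower().translate(LEET)


def check_password(password, personal_terms, min_length=12):
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    if len(password) < min_length:
        findings.append(f"shorter than {min_length} characters")
    classes = {
        "lower-case letter": r"[a-z]",
        "capital letter": r"[A-Z]",
        "number": r"[0-9]",
        "symbol": r"[^A-Za-z0-9]",
    }
    for name, pattern in classes.items():
        if not re.search(pattern, password):
            findings.append(f"no {name}")
    # "Cycl0ne" normalizes to "cyclone", so the substitution does not hide it.
    candidate = normalize(password)
    for term in personal_terms:
        if term and normalize(term) in candidate:
            findings.append(f"contains personal term '{term.lower()}'")
    return findings


if __name__ == "__main__":
    # Constructed sample: terms a user might be publicly associated with.
    terms = ["Cyclone", "Ames"]
    for pw in ["Cycl0ne", "Cycl0ne$F0rever!", "tq7#Vb2!mKx9&Lw"]:
        print(pw, "->", check_password(pw, terms) or "no findings")
```

A random-word passphrase will be flagged for missing character classes by this check; length is what carries its strength, so treat those findings as informational in that case.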
Due to design limitations of the AccessPlus system, users can only create passwords with a maximum of eight characters. To address this shortfall, Iowa State is working to implement a new security and identity access management system, which will provide heightened security measures across campus.
Simply using brand new passwords every six months could save you hundreds of hours later on should an old password be compromised and mitigation be necessary.
To learn more about the importance of secure passwords and strong authentication, visit STOP. THINK. CONNECT, a non-profit campaign whose leadership comes from the National Cyber Security Alliance and the Anti-Phishing Working Group.