Information Technology and Services

Secure'cUse: Password Safety

Password Safety

Make Your Password HRD2CR@K!

Use safe and strong passwords
Passwords are like passports or blank checks: if lost or stolen they give hackers a world of opportunity to access your personal, financial and work information. Make strong passwords for your accounts to keep your personal information safe.

Manage your passwords
Don’t reveal your password over the phone, online or in person. If you must write down your passwords, store them in a locked drawer. Don’t use the “remember password” feature on applications. Use a unique password for each of your online accounts.

To make a strong password:

  • Have a minimum of 8 characters.
  • The password shouldn’t be found in the dictionary or contain your SU NetID.
  • At least 4 characters must be different.
  • Use at least one uppercase and lowercase letter.
  • One number
  • One of the following non-alphanumeric characters:
    ` ! # $ & * ( ) - _ = \ | [ ] ‘ ; : / ? . ,

Types of passwords
Create a “vanity plate” password. Choose your favorite song lyric or short phrase and translate it to something easy to memorize.

“Let’s stay together”- lt$A2Gtr.

Try a mnemonic password. Pick a phrase and make the password the first and last letter of each word. Check the strength of your password on a reputable site. Try Microsoft’s password checker here. Make a set of rules and have all your passwords follow those same rules. You should have at least 3 distinct password phrases for your different types of accounts.

For example, the rule may be expressed as:
[Movie in Caps] + [Last Digit of Current Year] + [Special Character] + [Site Type in Small Case]
Subsequently, the password becomes,

  • [Gone with the Wind] + [2012] + [Asterisk] + [Amazon]

And the password becomes:

  • GWTW2*az

Remember your passwords
Install password security software, like Passwordsafe, Mac OS X Keychain or LastPass. It keeps your password in an encrypted environment available only to you. Currently, no password security software is offered or supported by SU. However, there are ones available to download for free. Password software is usually a machine specific tool. If you work with multiple computers, make the data portable. As a last resort you can write your passwords down but don’t leave them near your computer. Keep the paper in your wallet or purse with your credit cards and money that way your passwords will be safe.

Protect your passwords
On a shared computer make sure to log out and close the browser after you’re finished. This will prevent others from accessing your passwords. Don’t enter your password or personally identifiable information on a site unless you are sure the site is certified. Change all of your passwords every few months.

Keep your information safe
Follow the advice here. The stricter and more complex your password, the safer your information will be. You will never be asked by SU or an SU employee to reveal your password. If you ever receive an email that looks like it’s from SU asking for personal information be very cautious. It is may be a phishing scam trying to trick you to give out your personal information. The Information Technology and Services Department (ITS) may run standard security audits to attempt to “break” passwords in SU’s system. They are looking for weak passwords that can be easily hacked. If your password is considered weak you will be contacted to change it to fit SU’s password standards.

If your password is hacked

  • If you suspect your University account or password has been compromised, change all your passwords.
  • Email the IT Security Team itsecurity@listserv.syr.edu.
  • Contact the ITS Service Center at (315) 443-2677 or help@syr.edu.

Last Updated: 04/17/14