MCC Daily Tribune Archive

Weak Password = Weak Security


As society has moved away from face-to-face transactions, passwords have become the de facto method for determining someone’s identity. From banking to email access to social networks, people are identified by their public username and their private password. This system is only good if your password is not easily cracked. The problem is that many people still try to keep all their passwords in their heads, and because of this we tend to pick simple passwords. This is not the only problem. Using the same password across a number of websites can increase the chance of being breached, and it weakens the security of a person’s data.

Studies show that people reuse their banking passwords on at least one non-financial site, and half share both their username and password with non-financial sites such as Facebook, Dropbox, iCloud, etc. Not all sites invest heavily in security, so your username and password could be stolen.

So, how do you have different complex passwords for all your sites and remember them all?  Having a tiered system of passwords is one way.  On the first tier of sites -- such as financial services -- where compromised credentials could lead to significant harm, you should use a complex password.  On the second tier of sites, social networks and other sites with personal data, people should use a different complex password.  All other sites get a third complex password.

In creating a complex password, you can pick a root password and modify the password for each site.  Here’s how you would do that.  Using the first letter of each word in a sentence is a popular method.  For example, “Jack and Jill went up the hill to fetch a pail of water” might become “JaJwuthtfap0w”.  Then, you modify the password for each site.  “JaJwuthtfap0w-fn” might be the version used for the First Niagara Banking website.

The key is to make the password complex but simple to remember.

This cyber-security tip is brought to you by the ETS: Cyber Security Awareness Program.

Donna Pogroszewski
Communications and Network Services
02/26/2014


Attachments:
Passwords.pdf