Skip to Main Content

UW home

CSI: UW  Episode 2

Lock & Key

Could someone really hurt you if they had your password? Your password is like a key to a lock. With your password, threatening email could be sent from your account. Items could be purchased on web sites where you have enabled one-click shopping. Your bank and other sensitive account information could be accessed and used without your knowledge. Your credit rating could be affected. Your identity could be stolen. People could get access to University systems that contain sensitive employee, student, and financial information.

Security is your responsibility. Help keep your information and University of Wyoming data safe by using a secure password. Below are some tips on keeping crackers at bay.

Secure Passwords

It is important to use a long, strong password for your accounts, and the most important factor in creating a secure password is its length. The easiest way for someone to gain access to your accounts is to figure out your password. It is easier to crack a password than you might think! For example, if you only use 6 characters in your password, and they are all lowercase (abc), a password cracking program can crack your password in under 5 seconds! The chart below gives the approximate times to crack sample passwords of different lengths with different possible characters using 3 cracking scenarios: Online Attack, Offline Fast Attack, and Massive Cracking Array Scenario.

Password Online Attack (1,000 guesses/second) Offline Fast Attack (100 billion guesses/second) Massive Cracking Array (100 trillion guesses/second)
Dog 2.4 minutes Instant Instant
092743576 1.8 weeks 0.01 seconds Instant
DOGPOUND 6.91 years 2.17 seconds Instant
DOGPOUNDS 1.8 centuries 56.5 seconds 0.06 seconds
DoGPoUnds 900 centuries 7.87 hours 28.3 seconds
D0gP0unds 4,370 centuries 1.59 days 2.29 minutes
D0gP0und.s 19 million centuries 19.24 years 1.0 weeks
D.0.g.P.0.u.n.d.s 1.34 billion trillion centuries 1.34 billion trillion centuries 13.44 billion centuries


As you can see, the longer a password can be made by padding its length, the longer it takes to crack.

UW helps protect against these types of password cracking tools by locking out accounts after three incorrect attempts.

Here are some tips for creating a secure password.

DOs:

  • Do make your password as long as possible by padding an easily memorized password with simple to remember and enter padding. For example, if you wanted to use “Sunshineday”, try “S..u..N..s..h..1..n..E..D..A..Y” instead. The longer your password is, the harder it is to crack, as is seen in the table above.
  • Do make your password easy to remember. You should be able to type it quickly without having to look at the keyboard.
  • Do create a password with at least 1 letter, 1 number, and 1 special character (\-_+~!*[]%,?{}:/|^’), and have it be a good mix of the three.
  • Do include both uppercase and lowercase letters in your password, in addition to the numbers and special characters.
  • Do use lowercase characters sparingly.
  • Do change your passwords routinely – at least every 60 days.

DON’Ts:

  • Don’t use short passwords. The longer a password is, the harder it is to crack.
  • Don’t make a special character the first or last character in your password.
  • Don’t make a password that contains your username or parts of your full name.
  • Don’t make your password all lowercase, all numbers, or all uppercase.
  • Don’t set your password to anything you’ve used previously.
  • Don’t use simple keyboard patterns like A1B2C3D4, or p0o9i8u7.
  • Don’t use your username, or simple permutations of your username.
  •  Don’t use any personal data (any data someone might associate with you). This includes names, nicknames, pets, social security numbers or phone numbers, birthdates, or license plate numbers.
  • Don’t use words that can be found in the English dictionary in your password without sufficient padding.
  • Don’t use words in a foreign language in your password, especially if the language used can be guessed (for example, it is your native tongue), unless it is sufficiently padded.
  • Don’t use university, college, or state team names in your password. These can be very easy to crack.
  • Don’t use names of famous people, places, things, TV shows, etc., that can be associated with you. For example, if you like the show Law and Order, you shouldn’t use Law_0rder as a password.
  • Don’t have your password contain the word “password”, “secret”, “god” or “root”.
  • Don’t give your password to anyone else. Ever. Not even to your co-workers or managers.
  • Don’t record your passwords anywhere they could be vulnerable. If you must write them down, keep them in a safe place that no one has access to. Never post them on your monitor or under your keyboard.
  • Don’t use the same password for all of your accounts. If your password is cracked, the hacker will have access to everything.
  • Don’t use the same password, or the same 2 or 3 passwords, over and over when you have to change them.
  • Don't use any of the examples above as your password!

For more information on how to create a secure password and see how long it could take to crack, please visit How Big is Your Haystack ( http://www.grc.com/haystack.htm ).

Current updates, free software, and information on UW's Computer Security Initiative may be found on the CSI: UW computer security pages (www.uwyo.edu/security). You can also contact the IT Help Desk at (307) 766-4357, option 1; or send an email to userhelp@uwyo.edu.

Episode 3: The Scene of the Desktop Crime

top of page

Share This Page:

Footer Navigation

University of Wyoming
 

 

 

1000 E. University Ave. Laramie, WY 82071 // UW Operators (307) 766-1121 // Contact Us