The Truth About Passwords

By Alana Beltzer

Although passwords should provide real protection for your online accounts, the truth is that weak passwords and bad password-related habits can give you a false sense of security about the safety of your personal information.

What Are Weak and Strong Passwords?

Weak passwords are those that can be easily guessed by hackers or password-cracking programs. They include words found in the dictionary; variations of your name or a family member’s name; and simple numeric sequences such as 11111 or 12345. Such passwords offer minimal protection.

To be effective or “strong,” passwords should have at least 8 characters and include an unpredictable mix of uppercase and lowercase letters, numbers, and punctuation. Some accounts allow users to create passwords that are 12 to 14 characters in length. Remember that the longer and more complex your password is, the more difficult it will be to crack.
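The rules above can be turned into a simple check. The following Python sketch is an added example, not part of the original article; the function names, the small sample wordlist, and the character-swap table are assumptions made for illustration.

```python
import string

# Constructed sample wordlist; a real check would load a full dictionary file.
SAMPLE_WORDS = {"password", "dragon", "sunshine", "football", "welcome"}
# Common character swaps, undone before the dictionary and name checks.
SWAPS = str.maketrans("01345@$", "oleasas")
TAIL = string.digits + string.punctuation

def is_simple_sequence(s):
    """True for all-digit strings such as 11111, 12345 or 54321."""
    if not s.isdigit() or len(s) < 2:
        return False
    steps = {int(b) - int(a) for a, b in zip(s, s[1:])}
    return steps in ({0}, {1}, {-1})

def normalize(s):
    """Lowercase, undo common swaps, keep letters only."""
    return "".join(c for c in s.lower().translate(SWAPS) if c.isalpha())

def weaknesses(password, names=(), words=SAMPLE_WORDS):
    """Return the reasons a password is weak under the article's rules."""
    found = []
    if len(password) < 8:
        found.append("shorter than 8 characters")
    classes = {
        "uppercase letter": str.isupper,
        "lowercase letter": str.islower,
        "number": str.isdigit,
        "punctuation": lambda c: c in string.punctuation,
    }
    for label, test in classes.items():
        if not any(test(c) for c in password):
            found.append("no " + label)
    if is_simple_sequence(password):
        found.append("simple numeric sequence")
    # Check the word with and without a trailing run of digits or symbols.
    cores = {normalize(password), normalize(password.rstrip(TAIL))}
    if cores & set(words):
        found.append("dictionary word")
    if any(len(n) >= 3 and normalize(n) in normalize(password) for n in names):
        found.append("variation of a name")
    return found
```

An empty list means the password passed every rule. For the password 2HdsBtr1, the function returns only "no punctuation".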

How to Create Strong Passwords

With a little creativity, you can easily turn a weak password into a strong one. One way to create a strong password is to start with a phrase that is meaningful to you, such as a familiar phrase or expression. For example, you could choose an old saying, a rhyme, a phrase from a favorite book or movie, or one that relates to a favorite hobby. Then combine the first letter of each word of the phrase, sprinkle in a couple of capital letters and a favorite number or symbol to get a seemingly random collection of letters, numbers, and symbols that is still easily remembered.

For example, take the phrase, “Two heads are better than one.” First, substitute some numbers for words in the phrase: “two” becomes “2” and “one” becomes “1.” Then, remove some of the letters from the words so they are no longer dictionary words. Finally, capitalize some of the letters in the phrase. Now your favorite phrase has become the strong password, 2HdsBtr1.

Four Habits That Will Protect Your Password

The strongest password will not protect you if you are careless about safeguarding it.

Here are 4 key tips for protecting your password:

1. Keep your passwords private.

Do not write your passwords down and keep them in a place where others might see them, and do not share your passwords with others. Although it may seem convenient to have a friend check your email account or log in to your computer, any time that you share your password, you greatly increase the risk that your account will be compromised.

Be aware that sharing access to your USC computing account is a violation of university policy. For more information on password policies, please visit www.usc.edu/its/policies/computing/index.html#policies.

2. Never email your password.

Passwords and other personal information, such as social security or credit card numbers, should never be sent via email, where hackers can easily intercept them. No legitimate organization will ever request that you send your password in an email.

3. Create different passwords for different accounts.

If you have one password for all your accounts, anyone who gets hold of your password will have access to all your information. Even slight variations of the same idea can offer significantly greater protection.

4. Change your passwords at least once every six months.

The longer your password remains the same, the greater the likelihood that a hacker will crack it and break into your account. Scam artists use malicious programs to try thousands of passwords against your account until they find a match. To ensure the security of your personal information, it is important to change all of your passwords at least once every six months.

How Do I Know If My Account Has Been Hacked?

Once a hacker has obtained your password, your account is considered compromised. Many cyber criminals use compromised email accounts to send out spam and phishing messages from legitimate email addresses. A key sign that your email account has been compromised would be receiving error messages for email that you know you did not send. If you are shut out of an account and cannot log in, the account might have been hacked.

If you suspect that your USC computer account has been compromised, go to the USC password page at www.usc.edu/its/password and change your password immediately. Then contact the ITS Customer Support Center (CSC) so that we can gather the necessary information to prevent a larger security problem.

For problems with your USC password, or for additional information on password security, please contact the ITS CSC at 213-740-5555 or consult@usc.edu.