Securing Your Passwords
The following article provides some general best practices for saving and protecting your passwords. Specific guidelines for UARK account passwords are available at Passwords.
Remember that passwords should be treated like underwear:
- Change them often.
- Be mysterious.
- Don't leave them lying around.
- Don't share them with friends.
It is unsafe to write down your passwords or save them in documents on your computer. Using the same password for multiple websites and services is also unsafe, because once the password is discovered for one account, the unauthorized user can access all your other accounts.
Stronger passwords can be used for longer periods of time. A good rule of thumb is to change your password when it occurs to you; if you can't remember when you last changed your password, it's time to change it.
Change your passwords if you suspect they've been compromised. If you know they've been compromised, change the passwords and contact the security team in charge of that account. Contact firstname.lastname@example.org if your UARK account has been compromised.
Passwords should be at least eight characters long. When you create a password, pick characters from at least three of the four "character groups":
- Lowercase characters
- Uppercase characters
- Special characters, such as !@#$%^&*)(><, etc.
Avoid dictionary words or combinations like "C0mput1ng" that use simple replacements in dictionary words.
Using Password Safe Tools
Password safe tools generate strong, random passwords and save them in an encrypted vault. They then enter your password for you on each site, preventing you from being tricked into entering your password on a fake site. If the password safe tool doesn't recognize the site, it won't enter the password.
With a password safe tool, you only have to remember one master password. Make sure your master password is at least 15 characters long, which will make it more secure and difficult to hack. Password safe tools also make it easier when you change your password. The tool will remember your changed password and enter it for you when logging into a website or service.
Password safe tools recommended by IT Services:
|Software||Cost||Auto Entry||Portable||Sync to Original||Windows||Linux||Mac||iOS||Android|
|Kaspersky Password Manager||$24.95||x||USB||x||x||x
|IronKey S250 Basic||$109.00||x||x||x||x|
If you need a password you can carry with you on paper, consider using a Password Card from www.passwordcard.org. The size of a credit card, PasswordCard fits in your wallet. It allows you to pick secure passwords for all your accounts by selecting consistent criteria and using the card for reference. The card contains a unique grid of random letters and digits. By choosing a password length and start symbol, a secure password is always at your fingertips.
Determine how many characters are needed for the password, choose a symbol and a row, find the intersecting character for the chosen symbol and row, then start from the intersecting character. Move left, right, up, down or diagonal for the appropriately determined number of characters.
Password length = 8
Symbol = $
Row = 3
Direction = Left
Password = uWERu3Av
As long as you remember the symbol, row, direction of travel, and number of characters, the password can be recreated over and over using the card. Even if your wallet is stolen, the thief cannot know the actual password without knowing the specifics of how the password was chosen.
Feel free to leave your questions or comments.