UMass Boston

Passwords

Tips for Better Passwords

Passwords are the keys to the kingdom. Once someone knows your password, they can potentially >access all of your personal information and use it to steal your identity. Passwords are a common form of authentication and are often the only thing protecting your personal information. There are several programs attackers can use to help guess or "crack" passwords, but by choosing good passwords and keeping them confidential, you can make it more difficult for an unauthorized person to access your information.

Your UMass Boston password gives you access to numerous services, including email, WISER, HR Direct (for employees), Blackboard, blogs, and the university's Wifi network. For this reason, you should take the required steps to create strong passwords and protect your password (CONFIDENTIALITY is the key).

Tips for good passwords

  • Make your passwords long and hard to guess. A good password manager can help with both.
  • Do NOT share your password. Keep it confidential. (See our Phishing page for more on this.)
  • Don't use passwords that are based on personal information like date of birth, name, name of your pet etc. that can be easily accessed or guessed.
  • Don't use words that can be found in any dictionary of any language, unless you use a lot of them, like "63 dragons ate my favorite Porsche?"
  • Develop a mnemonic for remembering complex passwords (or use a secure password manager like LastPass or 1Password).
  • Do not use the same password on multiple accounts. Use a different password on every service. A favorite tactic of hackers is to try a known password, e.g. one from a breached website, on many different services and banks to see if you reused the password they found in other places.

For a lot more information on passwords, visit the World Password Day website, where you can learn what makes a good password  and play a game where you destroy incoming invaders by typing their passwords.

How to create a strong password?

  • Make it long. The longer the better.
  • Mix UPPER and lower case letters and add a symbol and punctuation to keep things interesting (things like *?](#@&^%$)
  • Don't just substitute numbers or symbols for letters, as hackers know this technique and account for it.
  • Don't start your password with a capital letter. Of passwords with capital letters, the first character is far and away the most common place for it to be. Instead, put the capital letter in the middle.
  • Don't end your password with an exclamation mark, e.g. Password1! -- not only is the exclamation mark the most common symbol used, the most common place to find it is at the end. Try beginning your password with a backslash or a comma.
  • Don't make your password exactly 10 characters long. When a site says you must use a minimum of 10 characters, hackers assume the majority of the passwords will be exactly 10 characters long. Longer is better, even if all you do is add five commas to the end to make it longer.
  • Have a passphrase: Choose a line or two from a song or poem or a sentence and use the first letter of each word, combine it with numbers and special characters. For example, “I have miles to go before I sleep'' becomes “!IhmTgbiS@AK26$ -- or, even better, "5280 (I have miles to go before I sleep)..."
  • Did we mention making it long? The longer the better.

How to create a BAD password

There are bad passwords (like "DrWhoFan1") and really terrible passwords, like password or 123456, which large numbers of people have actually used. Here are some rules not to follow:

  • Use a simple, short password. Sorry, password, and even Password1, won't cut it.
  • Take a word from the dictionary and add a number. (See above.)
  • Take a word from the dictionary and substitute a symbol for one of the letters, like Pas$word1. Hackers are just not deterred at all by this.
  • Use your name or your daughter's, father's, or pet's name or birthday. That's the first thing a hacker will try.

But no matter how complicated your password is, it doesn't matter if you tell the hacker what the password is (phishing) or get infected with malware. Follow safe computing practices and keep your password to yourself.

For more information

For more information and tips, contact the IT Service Desk at 617.287.5220 or ITServiceDesk@umb.edu.

Information Technology Services
Healey Library, 3rd Floor
 617.287.5220
 ITServiceDesk@umb.edu