Oct 06 2021

4 Steps to Stronger Passwords in Higher Education

Help your campus community strengthen a key defense by implementing better password practices.

Educating higher education users about security and engaging them in the effort to protect sensitive data is a never-ending task, as IT professionals know.

October is National Cybersecurity Awareness Month, which makes now a great time to reiterate best practices with the campus community. Often, a back-to-basics lesson — improving password practices — can be surprisingly effective.

Password health helps defend against “password spraying,” a brute-force attack in which threat actors try a single, commonly used password against numerous accounts before pivoting to try a second password, and so on. Password spraying lets attackers stay undetected by avoiding rapid or frequent account lockouts.
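Because spraying spreads a few attempts across many accounts, per-account lockout thresholds never trip; the signal is one source failing against many distinct users with a low failure count per user. The following added example (not from the original article) shows that detection logic over constructed authentication log lines; the log format, field names and thresholds are assumptions for the example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log lines for this example (not from any real system).
# 203.0.113.7 fails once each against six different users in under a minute
# (spray pattern); 198.51.100.4 is one user mistyping a password twice.
SAMPLE_LOG = """\
2021-10-06T08:00:01 src=203.0.113.7 user=alice result=FAIL
2021-10-06T08:00:09 src=203.0.113.7 user=bob result=FAIL
2021-10-06T08:00:17 src=203.0.113.7 user=carol result=FAIL
2021-10-06T08:00:25 src=203.0.113.7 user=dave result=FAIL
2021-10-06T08:00:33 src=203.0.113.7 user=erin result=FAIL
2021-10-06T08:00:41 src=203.0.113.7 user=frank result=FAIL
2021-10-06T08:01:02 src=198.51.100.4 user=alice result=FAIL
2021-10-06T08:01:05 src=198.51.100.4 user=alice result=FAIL
2021-10-06T08:01:09 src=198.51.100.4 user=alice result=OK
2021-10-06T09:30:00 src=203.0.113.7 user=grace result=FAIL
"""

# Assumed log format: "<iso timestamp> src=<ip> user=<name> result=<OK|FAIL>"
LINE_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>\S+) user=(?P<user>\S+) result=(?P<result>\S+)$"
)


def parse(log_text):
    """Parse log lines into event dicts; lines that do not match are skipped."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        events.append({
            "ts": datetime.fromisoformat(m["ts"]),
            "src": m["src"],
            "user": m["user"],
            "result": m["result"],
        })
    return events


def detect_spray(events, window=timedelta(minutes=10),
                 min_accounts=5, max_per_account=2):
    """Return [(source, distinct_accounts)] for every source that, within any
    `window`, failed against at least `min_accounts` distinct users while
    never exceeding `max_per_account` failures on any single user. The second
    condition is what separates spraying from ordinary brute force."""
    fails_by_src = defaultdict(list)
    for e in sorted(events, key=lambda e: e["ts"]):
        if e["result"] == "FAIL":
            fails_by_src[e["src"]].append(e)

    alerts = []
    for src, fails in fails_by_src.items():
        best = 0
        start = 0
        for end in range(len(fails)):
            # Slide the window start forward until it fits within `window`.
            while fails[end]["ts"] - fails[start]["ts"] > window:
                start += 1
            per_user = defaultdict(int)
            for f in fails[start:end + 1]:
                per_user[f["user"]] += 1
            if max(per_user.values()) <= max_per_account:
                best = max(best, len(per_user))
        if best >= min_accounts:
            alerts.append((src, best))
    return alerts


if __name__ == "__main__":
    for src, n in detect_spray(parse(SAMPLE_LOG)):
        print(f"possible password spray from {src}: {n} distinct accounts")
```

The window and thresholds need tuning per environment: a shared NAT gateway or a VPN concentrator legitimately fails against many users, so the source field is best enriched with context before alerting.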

Here are four best practices for choosing or upgrading passwords.

1. Choose a Passphrase Instead of a Password

Long, complex passwords are more secure, but they’re hard to remember. Try a passphrase with eight or more characters. Make it something easy to recall, while avoiding common phrases, quotations and personal information.

For example, you could create Footba!!4theGreate5tC1uB, which uses dictionary words in a memorable sequence. The combination of special characters and uppercase and lowercase letters makes it hard to guess.

2. Create a Different Password for Every Account

Don’t use one password for every account. Set a unique password for each application; that way, a single compromised password cannot be reused to reach your other accounts.

Hackers often get account credentials from lists published on the internet that were harvested from systems vulnerable to attack. If you use the same password everywhere, it could be used to access other systems.
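A campus identity service can enforce both of the points above (a minimum passphrase length, and rejecting passwords that already appear in published breach lists) at the moment a user sets a new password. The following added example (not from the original article or any particular product) does this with a constructed breach corpus. It uses the k-anonymity range scheme that breach-lookup services commonly offer: the client sends only the first five hex characters of the password's SHA-1 hash and compares suffixes locally, so the full hash never leaves the client. The corpus, the minimum length and the function names are assumptions for the example.

```python
import hashlib

# Constructed stand-in for a published breach corpus (an assumption for this
# example; a real deployment would query a maintained breach list instead).
BREACHED_PASSWORDS = ["password", "123456", "qwerty", "Welcome2021", "letmein"]

# Minimum length follows the article's "eight or more characters" guidance.
MIN_LENGTH = 8


def sha1_upper(password):
    """Uppercase hex SHA-1, the hash form breach range lookups use."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


def build_range_index(corpus):
    """Server side: index breached hashes by their 5-character prefix so a
    caller can fetch every suffix under a prefix without revealing which one
    it cares about."""
    index = {}
    for pw in corpus:
        h = sha1_upper(pw)
        index.setdefault(h[:5], set()).add(h[5:])
    return index


def range_lookup(index, prefix):
    """Server side: return all hash suffixes sharing `prefix`."""
    return index.get(prefix, set())


def is_breached(candidate, index):
    """Client side: send only the 5-char prefix, match the suffix locally."""
    h = sha1_upper(candidate)
    return h[5:] in range_lookup(index, h[:5])


def check_new_password(candidate, index, min_length=MIN_LENGTH):
    """Return the list of reasons a candidate is rejected; empty means accepted."""
    reasons = []
    if len(candidate) < min_length:
        reasons.append(f"shorter than {min_length} characters")
    if is_breached(candidate, index):
        reasons.append("appears in a known breach list")
    return reasons


if __name__ == "__main__":
    idx = build_range_index(BREACHED_PASSWORDS)
    for pw in ["qwerty", "Welcome2021", "Footba!!4theGreate5tC1uB"]:
        print(pw, "->", check_new_password(pw, idx) or "accepted")
```

Rejecting breached passwords matters more than forcing symbol mixes: a password harvested from one site is exactly what a spraying or credential-stuffing run tries first, whatever its apparent complexity.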

3. Use a Password Manager

Does setting unique passphrases for each account sound unmanageable? Think about using a password manager. These not only store and retrieve passwords securely, they also generate long, complex passwords specific to each account. Some password managers store passwords in the cloud so you can access them from any device. If you decide to use a password manager, be sure to secure your master password, which should be long and complex. Because the master password unlocks all your other account passwords, take extra precautions to protect it with multifactor authentication.

4. Consider Passwordless Authentication for Stronger Security

Some vendors have introduced passwordless authentication for greater security. A typical passwordless system involves two parts: something you have, such as a security key or smart card, and a biometric gesture, such as a fingerprint or retinal scan, or a PIN.

PINs are stored locally and never sent across the network, which makes them more difficult to compromise. As such, they can be shorter in length and changed less frequently than other authenticators.
