
Aaron's Security Tips

Get security tips from Aaron Call, MNIT's Chief Information Security Officer (CISO).

Passwords

Making Them not the Worst Thing Ever

2/26/2018 11:28:14 AM


Aaron Call - Chief Information Security Officer

Uh oh. You forgot your password for yet another account that you only use every once in a while. You mentally prepare yourself for the obstacle course you’re about to enter and click the “Forgot your password” link. You follow the instructions in the email and you create your brand new password.

Uh oh AGAIN. The password you attempted to use is “too similar” to your previous password. You sit in frustration and fume at the screen. How do you come up with a brand new password that you’ll remember? Why should you have to? Why does everything you want to do online require you to “create an account” and come up with a password anyway? Why can’t you just use the same password for everything?!

Let me stop you right there. Obviously, using the same password for everything puts ALL of your various accounts at risk. Bad idea.

Passwords can be annoying, but you know what’s even more annoying? Calling your friends and telling them not to open any messages from you because your email account was hacked. Calling your bank and saying you didn’t make those charges on your debit card. Calling Social Security and begging for help because your identity was stolen. That’s more annoying.

Passwords don’t have to be the worst thing ever. Consider:

  • Turning your password into a passphrase. Sometimes a long, goofy sentence is easier to remember than a shorter string of random letters. If you insist on a shorter password, try taking a long phrase and shortening it – using letters and symbols to stand in for longer words. The longer the password and the more random, the better.
  • Use password management tools. You should use a different password or passphrase for each online account you manage, and that means more than just changing a single letter or number. Hackers know people do this, so when they hack a website, they immediately try the email address and password combinations (or simple variations) on other popular websites. Unique passwords can be a lot to remember, but there are secure tools out there to help you keep things straight. Password managers also build in other useful features like alerting you to breaches or safely sharing access with others.
  • Don’t forget about security questions. If you can reset a password you forgot by answering some basic questions, hackers may reset your password by doing a little online research. Change your security questions and treat them like passwords. Make sure only YOU know the right answers and remember they don’t have to be true.
  • Enable two-factor authentication. A second factor creates an additional layer of security on an account. A code texted to your phone or presented by an app can make it harder for hackers to use a stolen password.

Download This Security Tip (/mnit/assets/security-tip-passwords_tcm38-335664.pdf)


This security tip is courtesy of Aaron Call,
Minnesota’s Chief Information Security Officer (CISO)

For more tips, follow Aaron on Twitter at @InfoSecCall
