SLAC Computer Security		Search SLAC
SLAC Home | Computing Home | Computing Outages | Help

Cyber Security Awareness Month

These tips are part of a month long effort to distribute useful computer security information to the SLAC community.

Day 10 - Authentication Mechanisms (Passwords)

There is an informative page on the Microsoft website which give suggestions on how to create and use passwords. Creating Passwords The minimum length for a password at SLAC is 8 characters. Many of us choose to use longer passwords because they are harder to crack. Creating a longer password which is easy to remember is a challenge. If there is a phrase you can remember then use the first letter or two of each word in the phrase, substitute some letters with numbers and special chars, uppercase a letter or two and you've got a pretty hard-to-crack password. "Think" before you enter your password: If you don't trust the computer you are working on (maybe it is a kiosk in an airport) then don't type any passwords you care about. If you trust the computer then: Make sure the session is encrypted (e.g. does the web page URL begin with https?) Make sure no one is looking over your shoulder. Use different passwords for different applications, for example: Use a simple password for applications where you are required to use a password but for which you don't really care if the info is exposed (e.g. to read an online newspaper). Use a good password for your regular, non-privileged SLAC account. Use really good passwords for your internet banking and for your privileged SLAC account, if you have one. Of course, you never give your password to anyone on purpose! Storing Passwords Some people keep them on papers in their wallets but they don't include the userids next to them or they have a "code" for identifying the userids. Other people use programs (like KeePass) to keep the userids and passwords held in an encrypted, password protected database, often times on a USB drive.