
Technology

Password Strength Tips

These tips won't just help you at CHS, but at home as well. Here at CHS, your bank or social media accounts may not be at risk, but we still have sensitive and personal information to protect. And with just one password syncing across multiple services (email, IC, etc.), it is even more important to have a strong password.

First, let's discuss: who exactly are these passwords for?

We don't need a password as strong as "W8#htXi29&86" to keep Uncle Bob, or the neighbor, Joe, out of our system. A simple password like "123abz" can do that.

So who are we trying to keep out?

The person next to you - These are the people who will have the most information on your password. They can watch you type it, hear the key presses, and see which hand you use to type each key. So a password like "123abz" can be easy for them to guess. And because they are next to you, they most likely know a little bit about you. So passwords like your child's name and birth month, "Mikey04", can also be easily guessed.

Password cracking programs - These are the main culprits, and the reason websites ask for at least 8 characters with at least 1 number. These programs can make thousands of guesses per second, and begin with common passwords and patterns, like capitalizing the first letter and ending with two or four numbers (Mikey04). They will try thousands of combinations, over and over, until they get in.

 

PASSWORD DON'TS

  • single dictionary words (skydiving)
  • fewer than 8 characters (rj1977)
  • personal words/dates (samantha, 10231975, etc.)
  • common phrases or grouped words (newyorkcity)

 

PASSWORD STRENGTHS

Randomize as much as possible

A password like "Is73&Gft" is better than using something like "wildcats" as a password. Even though they are both 8 characters, "Is73&Gft" is not a dictionary word, uses capitals and special characters, and each character is random.

Check out the Kaspersky Password Tool and enter some example passwords (not your real passwords) you think are safe. This tool will show roughly the time it would take a cracking program to crack your password. Try "wildcats" and then try "Is73&Gft" and see the difference.

The main problem with "Is73&Gft", other than only being 8 characters in length, is that it's not efficient to type or remember. Who wants to type "Is73&Gft" every time they check their email?

What about being creative, like changing "wildcats" to "W!ldcat5", you ask? It helps protect against someone physically typing guesses to break your password. But see what Kaspersky thinks about it. If you are clever enough to change an "S" to "$" and an "i" to "!", then password cracking tools will try that out first! Spell your word backwards, that's clever! Wrong! Password cracking tools were designed by humans, so they know how you think!

Use passPHRASES instead of passWORDS

Use phrases instead of just a single word. Some sites won't allow spaces in passwords, so you may have to add an underscore or some other special character. We will use: "Peter ate 2 cakes!"

Now try "Peter ate 2 cakes!" in the Kaspersky Password Tool.

"Peter ate 2 cakes!" is not in the dictionary, uses spaces, has capital letters and numbers, and most importantly it is 19 characters long! Not to mention, it's not a chore to type like "Is73&Gft".

Longer passwords are always better than creative ones

When it comes to passwords, longer is better than creative. Would you believe "pigpigpigpigpig" is more secure than "Is73&Gft"? Well, it is, because each character adds exponentially more ways to type a password. (This is known as password entropy.) The entropy of a password is the expected number of attempts that an attacker will have to make before finding your password in a brute force attempt. Try it out in the password tool above. Create a long password whenever possible.

Longer and Random are the keys to a great password.

"Peter ate 2 cakes!" is a secure 19 character password. What's a more secure 19 character password? Try "brick viet frog jot". Four random words. Still 19 characters, and it doesn't use capitals, numbers, or special characters. No common phrases. Just random words. It's better to be truly random (see the Diceware system), not just four words you think of, because cracking tools will try the most common words people think about first (love, dog, home, etc.).
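A worked comparison of the search space behind randomly generated passwords and passphrases, as an added example that is not part of the original page. The function names and the short word list are constructed for illustration; 7776 is the size of a standard Diceware list and 94 is the number of printable ASCII symbols.

```python
import math
import secrets

# Constructed stand-in list; a real Diceware list has 7776 words.
SAMPLE_WORDS = ["brick", "viet", "frog", "jot", "lamp", "oval", "reed", "tusk"]


def entropy_bits(pool_size, picks):
    """Bits of entropy when each of `picks` items is chosen uniformly at
    random from `pool_size` options. This does not apply to secrets a
    person made up: those are far more predictable than the formula says."""
    return picks * math.log2(pool_size)


def average_guesses(pool_size, picks):
    """On average a brute-force search finds a uniformly random secret
    after trying half of all possibilities."""
    return pool_size ** picks // 2


def make_passphrase(words, count=4, sep=" "):
    """Pick words with the operating system's secure random generator,
    the software equivalent of rolling dice for Diceware."""
    return sep.join(secrets.choice(words) for _ in range(count))


def compare():
    """Entropy of a few generation schemes, rounded to one decimal place."""
    schemes = {
        "8 random printable characters": (94, 8),
        "4 random Diceware words": (7776, 4),
        "5 random Diceware words": (7776, 5),
        "4 words from a 1000-word list": (1000, 4),
    }
    return {name: round(entropy_bits(*args), 1) for name, args in schemes.items()}


if __name__ == "__main__":
    for name, bits in compare().items():
        print(f"{bits:5.1f} bits  {name}")
    print("sample passphrase:", make_passphrase(SAMPLE_WORDS))
```

Four truly random words from a full Diceware list land within a bit of eight truly random printable characters, and each extra word adds about 12.9 bits.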

Why? Cracking tools will always look first for the common words, phrases, and symbols. They don't start with the letter "a" and then go to "aa" and so on. They start with the 1000 most common passwords like "12345", "password", "loveyou", "wildcat", etc. They may also use a 500 or 1000 word dictionary to brute force your passphrase. They can have an entire database of thousands of popular quotes, and run a simple algorithm to add punctuation, or turn an "S" to a "$". The quote "I have a dream" can be turned into a thousand variations like "1 Hav3 4 Dr34m" or "I-haVe-A-Dr3am!" in seconds.
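The same idea seen from the side of a site that screens new passwords, as an added example that is not part of the original page: undo the substitutions, trailing digits, separators and reversed spelling described above, then look the result up in a list of common entries. The word list, the substitution table and the function names are constructed for illustration; a real check would use a large list of common and breached passwords.

```python
import re

# Constructed sample list of common words, names and phrases.
COMMON = {"wildcats", "wildcat", "password", "loveyou", "mikey",
          "skydiving", "newyorkcity", "ihaveadream"}

# Symbol-for-letter swaps people commonly make (assumed table).
SWAPS = str.maketrans({"$": "s", "5": "s", "!": "i", "1": "i",
                       "3": "e", "4": "a", "@": "a", "0": "o", "7": "t"})

TRANSFORMS = [
    lambda s: s.translate(SWAPS),              # "w!ldcat5" -> "wildcats"
    lambda s: re.sub(r"[^a-z0-9]", "", s),     # drop spaces and punctuation
    lambda s: re.sub(r"\d+$", "", s),          # drop trailing digits ("mikey04")
    lambda s: s[::-1],                         # word spelled backwards
]


def variants(password):
    """Every form reachable by applying the transforms in any order."""
    seen, frontier = set(), {password.lower()}
    while frontier:
        seen |= frontier
        frontier = {t(s) for s in frontier for t in TRANSFORMS} - seen
    return seen


def matches(password):
    """Common entries that the password reduces to."""
    return variants(password) & COMMON


def screen(password, min_length=12):
    """Return reasons to reject the password; an empty list means no rule fired."""
    reasons = []
    if len(password) < min_length:
        reasons.append(f"shorter than {min_length} characters")
    hits = sorted(matches(password))
    if hits:
        reasons.append("reduces to common entry: " + ", ".join(hits))
    return reasons


if __name__ == "__main__":
    for pw in ["W!ldcat5", "Mikey04", "stacdliw", "1 Hav3 4 Dr34m",
               "I-haVe-A-Dr3am!", "brick viet frog jot"]:
        print(f"{pw!r:24} {screen(pw) or 'no rule fired'}")
```

An empty result only means the password is not a simple variation of something on the list, not that it is strong.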

CONCLUSION

Make longer passwords, or even better, passphrases (12 characters or more is recommended, 15 characters or more is ideal).

Randomize it, but not so much that it becomes hard to remember or a chore to type.

Don't make passwords personal or something meaningful to you. (Remember, we also want to keep out those around us.)

Sources:

Kaspersky Password Tool: http://blog.kaspersky.com/password-check/

7 Tips to Toughen Passwords: http://www.darkreading.com/risk-management/7-tips-to-toughen-passwords/d/d-id/1104754?

Creating Strong Passwords is Easier Than You Think: http://www.infoworld.com/article/2616157/security/creating-strong-passwords-is-easier-than-you-think.html?page=2

How to Create a Secure Password: https://open.bufferapp.com/creating-a-secure-password/

Toward Better Master Passwords: https://blog.agilebits.com/2011/06/21/toward-better-master-passwords/