Hackers can perform a number of malicious activities should they crack your password: impersonate you, steal your identifying information, or even access your bank account. In order to avoid this sort of exploitation, take the following steps to improve your password security.
Q. How do I create a strong password?
A. A strong password has the following characteristics:
- Doesn’t contain your username, personal information, or obvious phrasing
- Is easy for you to remember -- but hard for others to guess!
- Mixes uppercase/lowercase letters, numbers, and symbols (like spaces, $, %, !, etc.)
- Is longer than 14 characters
Q. Is a passphrase a good idea?
A. Yes. Passphrases are highly recommended. A passphrase is a series of words or a phrase that is meaningful to you, but obscure to others. Usually these passwords are lengthy and involve special characters and/or numbers. Here are some examples:
Q. Can you give me examples of strong and weak passwords/passphrases?
A. See the chart below for strong and weak passwords examples.
|12345||Weak - a commonly hacked password|
|sparky and herman8M||Strong - easy to remember but hard to guess. "Sparky and Herman ate Em."|
|SH36sM%45^&0||Weak - hard to remember|
|peoplearehappy||Weak - easy to guess|
|hello4&m||Weak - too short|
|In3wordsican+e||Strong - easy to remember but hard to guess. "In three words I can sum up everything."|
|Elementary m'dear Watts1||Strong|
|Elementary, my dear Watson||Weak - well-known phrase|
Q. What is "credential stuffing"?
A. Credential stuffing is a process by which hackers use a database of known usernames and passwords from previous breaches (i.e. 2016 LinkedIn breach) to log in to other sites using the same credentials. Therefore, it is wise to avoid reusing passwords, especially for sites containing sensitive data.
Q. Should I use a password manager?
A. Yes. Using a password manager is recommended to avoid recycling passwords and thus falling prey to credential stuffing and phishing attacks. Examples of password managers include LastPass and KeePass. Password managers:
- Generate unique passwords so you're not tempted to reuse a few memorized passwords
- Store all of these less memorable passwords and provide auto-fill
- Offer two-factor authentication, which requires two different methods of verifying your identity upon password manager login
- Prevent you from easily providing credentials to malicious actors
Q. Should I ever provide a password/passphrase via email?
A. No. Never provide your password via email. Davidson will never ask you to provide your password in an email, and no other reputable entity or individual will either.
Q. How do I reset my Davidson password?
A. You change it at https://resetpassword.davidson.edu when you are on campus.