Introduction

Yes, your passwords really are in danger! As you read this, thousands of attackers across the world are actively trying to steal, guess, and break your passwords. Strong password hygiene will help protect your accounts from being compromised.

Recommended Action

Please review the following password hygiene suggestions. Understanding how and why they work can help protect you from account compromise, identity theft, or worse.

  • Multi-factor authentication (MFA) acts as a last line of defense for your accounts. Even if your password is stolen, an attacker will still need to compromise your second factor of authentication before they can gain access. Generally, this will be in the form of a randomly generated code delivered to your phone through an app or text message. Ensure that you have at least two methods of verification for MFA on your wpi.edu account. * (Remember to check for multi-factor authentication with all of your other accounts as well! Banking, social media, and online stores will all offer some type of second factor.)
  • Use a password manager to avoid repeating passwords. One of the greatest threats to your online security comes from repeated passwords. Sure, your bank may have great security to keep your password from being stolen, but most other websites you use will not take the same approach. When one of these other websites is compromised and your password is stolen, attackers will try to use the same or similar passwords on your more important accounts. To avoid using the same or similar passwords across multiple accounts, you should consider using a password manager that will generate random passwords for you. These passwords are stored in an encrypted format that only you can access via a master password. This “one password to rule them all” approach is widely accepted by the security community and can be found in LastPass, 1Password, Nord Password Manager, and KeePass.
  • A passphrase is a great way to keep your password complex, while still being memorable – clever attackers can find ways of brute-forcing users’ passwords at astonishingly effective rates. By having a “strong” password, you can keep your account from being cracked. Generally, websites will recommend that you add this complexity to your password by using numbers, symbols, strange capitalization, etc – however, this is a poor approach that only makes your password harder for you to remember. You can exponentially increase the complexity of your password (96^x possibilities, where x is the length of your passphrase in random characters) by simply adding more characters to it. Instead of relying on one word with different characters thrown in, choose 3-4 different words.

Password Don'ts

  • Don’t use the same or similar passwords on multiple sites. Your WPI password(s) should be unique.
  • Don't use dictionary words; they are easy for cracking algorithms to guess even when letters are replaced with special characters, such as @ for a or 0 (zero) for o.
  • Don’t use anything that can be easily looked up online like your birthday or relative’s birthday, pet’s name, names of relatives, nicknames, or favorite team.
  • Don’t store your passwords in a text file or Word document.
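The passphrase item above gives the 96^x figure, and the dictionary-word item above explains why character substitutions do not help. The following added example (written for this page; not WPI code) puts both into a small password checker: it computes the search space in bits for random characters versus a passphrase of dictionary words, and it undoes common substitutions before comparing against a wordlist, the same normalization a cracking tool applies. The character-set size of 96 is the page's figure; the substitution table, the 7776-word passphrase list size (the Diceware list size) and the small embedded dictionary are constructed for the demo.

```python
import math
import re

PRINTABLE_CHARSET = 96      # the page's count of typeable characters
DICEWARE_LIST_SIZE = 7776   # assumed size of a word list used for passphrases

# Substitutions that cracking rules routinely reverse (constructed table).
LEET_MAP = str.maketrans({"@": "a", "4": "a", "0": "o", "3": "e",
                          "1": "i", "$": "s", "5": "s", "7": "t"})

# Constructed mini dictionary; a real checker would load a full wordlist.
DICTIONARY = {"password", "dragon", "monkey", "welcome", "summer",
              "correct", "horse", "battery", "staple"}


def bits_random(length: int, charset: int = PRINTABLE_CHARSET) -> float:
    """Search space of `length` random characters: charset^length,
    expressed in bits so that adding a character adds log2(charset) bits."""
    return length * math.log2(charset)


def bits_words(word_count: int, list_size: int = DICEWARE_LIST_SIZE) -> float:
    """Search space of a passphrase of `word_count` words picked at random
    from a list of `list_size` words: list_size^word_count."""
    return word_count * math.log2(list_size)


def normalize_leet(password: str) -> str:
    """Lowercase, strip trailing digits/punctuation, and reverse the usual
    letter-for-symbol swaps, e.g. 'P@$$w0rd1' -> 'password'."""
    stripped = re.sub(r"[\d!?.#]+$", "", password.lower())
    return stripped.translate(LEET_MAP)


def assess(password: str, dictionary=DICTIONARY, list_size: int = DICEWARE_LIST_SIZE) -> dict:
    """Classify a candidate password. A dictionary word with substitutions is
    treated as weak regardless of its length; otherwise the 50-bit threshold
    (an assumption for this demo) decides."""
    words = password.split()
    if len(words) >= 3:
        bits = bits_words(len(words), list_size)
        return {"kind": "passphrase", "bits": bits, "weak": bits < 50,
                "reason": f"{len(words)} words from a {list_size}-word list"}
    if normalize_leet(password) in dictionary:
        return {"kind": "single", "bits": math.log2(len(dictionary)), "weak": True,
                "reason": "dictionary word with character substitutions"}
    bits = bits_random(len(password))
    return {"kind": "single", "bits": bits, "weak": bits < 50,
            "reason": f"{len(password)} characters from {PRINTABLE_CHARSET} possibilities"}


if __name__ == "__main__":
    for candidate in ["P@$$w0rd1", "summer2024", "x7!Qm2#pLz9w", "correct horse battery staple"]:
        print(candidate, assess(candidate))
```

Doubling the length from 8 to 16 random characters doubles the bits (about 53 to about 105), which is what "exponentially increase" means for the search space, while "P@$$w0rd1" normalizes straight back to "password" and is flagged no matter how many symbols it contains.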

Helpful Definitions

  • Credentials: A user’s authentication information, such as a username and password.
  • Cracking a Password: "Cracking a password" or "password cracking" is a phrase used for obtaining a password by malicious means. This may include a hacker trying to retrieve your password by simply guessing, or by using software to try thousands of password combinations.
  • Vulnerability: From a computer security standpoint, this term is used to represent any weakness in a computer system, whether in hardware or software.
  • Special Characters: Any character you type that is neither a letter nor a digit (for example ! @ # $ % *).
  • Factor: A factor is a type of authentication. The five types of factors are "something you know", "something you have", "something you are", "somewhere you are", and "something you do".