The Office of Information Technology - UTSA

This document should be rendered in an HTML format. If you are using an editor that does not show HTML documents please skip to page content, links on this page, and/or site navigation.

Copyright (c) 2007. The University of Texas at San Antonio. All rights reserved.

Information Security Office

Office of Information Technology
UTSA http://www.utsa.edu OIT Main Link
Security MainPoliciesSecurity NewsBest PracticesContact UsITA/ISA

Secure Computing for Personal Computer Users

 

Air Rowdy

1604 & DT Campus Classroom Tech Support

210.458.4520

1604 Campus Classroom Tech Support - After Hours

210.458.4529

DT Campus Classroom Tech Support - After Hours

210.458.2640

Computer Problems?

UTSA Helpdesk
210.458.5538

Student Computing Services

210.458.4557

Password Security Hints

Use Strong Passwords

Your living space has doors and windows, and perhaps most of the time they’re locked. For each lock that uses a key, chances are that each key is different. You know to lock up and not to share the keys with strangers, and probably not with most of your friends. You should not hide keys under the mat or in a flowerpot on your front porch.

Passwords for computers are much the same. For each computer and service you use (online purchasing, for example), you should have a password. Each password should be unique and unrelated to any of your other passwords. You shouldn’t write them down nor should you share them with anyone, even your best friends.

Image of House with Garden Take a look at your front door key. It’s pretty complicated. There are lots of notches and grooves. If there weren’t so many possible variations, a thief could easily make a key for every possible combination and then try each on your front door. This trial-and-error method, (for computers, called brute force) is likely to be effective even if it takes a long time. Nonetheless, no matter how complicated, if the thief gets hold of your key, he or she can copy it and use that copy to open your door.

A password can also be complicated. Most schemes let you use any combination of letters, both upper and lower case, and numbers; and some also let you use punctuation marks. Lengths can vary. You can create a password to be as complicated as you want. The key (no pun intended) is to be able to remember this password whenever you need it without having to write it down to jog your memory.

Like the thief at your door, computer intruders also use trial-and-error, or brute-force techniques, to discover passwords. By bombarding a login scheme with all the words in a dictionary, they may “discover” the password that unlocks it. If they know something about you, such as your spouse’s name, the kind of car you drive, or your interests, clever intruders can narrow the range of possible passwords and try those first. They are often successful. Even slight variations, such as adding a digit onto the end of a word or replacing the letter o (oh) with the digit 0 (zero), don’t protect passwords. Intruders know we use tricks like this to make our passwords more difficult to guess.

Just like the front door key, even a complicated password can be copied and the copy reused. Remember the earlier discussion about information on the Internet being in the clear? Suppose that really strong password you took a long time to create – the one that’s 14 characters long and contains 6 letters, 4 numbers, and 4 punctuation marks, all in random order – goes across the Internet in the clear. An intruder may be able to see it, save it, and use it. This is called sniffing and it is a common intruder practice.

The point is that you need to follow the practice of using a unique password with every account you have. Below is a set of steps that you can use to help you create passwords for your accounts:

  1. The Strong test: Is the password as strong (meaning length and content) as the rules allow?
  2. The Unique test: Is the password unique and unrelated to any of your other passwords?
  3. The Practical test: Can you remember it without having to write it down?
  4. The Recent test: Have you changed it recently?

In spite of the SUPR tests, you need to be aware that sniffing happens, and even the best of passwords can be captured and used by an intruder.

You should use passwords not only on your home computer but also for services you use elsewhere on the Internet. All should have the strongest passwords you can use and remember, and each password should be unique and unrelated to all other passwords. A strong password is a password that is longer than it is short, that uses combinations of uppercase and lowercase letters, numbers, and punctuation, and that is usually not a word found in a dictionary. Also remember that no matter how strong a password is, it can still be captured if an intruder can see it “in the clear” somewhere on the Internet.

Use a worksheet to help you manage your passwords.

Provided by US-CERT www.us-cert.org

Keep Your Password Safe

Never reveal your UTSA Network or any other passwords to anyone.  Don't share it with friends, don't tell your supervisor, or support consultant.

It is a violation of UTSA policy to share your UTSA ID Login and password with anyone.

How to Set Passwords on Your Computer

Online Network Account Reset Page

Windows XP Pro

Linux

MAC OS

 

 

©The University of Texas at San Antonio One UTSA Circle San Antonio TX 78249
Revised: 02/01/2008
Refer Comments to: oit@utsa.edu
Identity Guidelines | Policies | Emergency Preparedness | Required Links