How Secure Are Your Passwords

500 million. 68 million. 32 million.

That’s how many accounts have been hacked at Yahoo, Dropbox, and Twitter, respectively, in the past couple years...and that’s just the tip of the iceberg. Fraud, stolen identities, stolen credentials. They're all incredibly common.

Your email, medical records, bank account, credit cards, and so much more are secured behind two very small things: your username and your password. Usernames are easy to guess or find online. That leaves one line of defense: your password.

How secure is your password and what are you doing to keep yourself secure?
 

Passwords

  • Use different passwords for each site you visit: If someone hacks one account and gets your password, how many other sites, or how much data can they access, using that same password?

    • Set a different password for each website you log into.

  • Use a password management tool: A password management tool allows you to safely store your passwords in an encrypted tool. There are many software options to help you manage your credentials, security questions, etc. Some popular, and safe, options include 1Password, LastPass, or PassKey.

  • Use the longest password possible: Different sites have different limitations on the number of characters you can use in your password. Longer passwords are often harder to guess or hack than shorter ones.

    • The University of Illinois allows NetID passwords that are 127 characters long.

  • Use Two-Factor Authentication: Two-factor authentication (2FA) requires something you know (your NetID password) and something you own and have (your phone) to log in to a service. Without having your phone, a hacker won’t be able to receive the phone call or text message required to log into your account.

  • Stop bad password habits: This is pretty simple. Don’t use your address, birthdate, or other easily recognized or obtained information in your passwords.

    • Check out this handy little video for more on bad password habits.

  • Provide obscure answers to security questions: Many times, security questions have answers that are easily obtained by hackers. Your first pet’s name? Your kindergarten teacher’s name? Your mother’s/father’s middle name? Without thinking about it, many people include this information in blogs or social media posts.

    • Instead of answering the question directly, consider adding an appended word to the end of the answer. For example, if the question is, “What city were you born in?,” answer “chicagobaseball” instead of “chicago.”

    • Another option is to provide a completely bogus answer, which is easily documented and saved in a password manager. For example, if the question is, “What was your kindergarten teacher’s name?,” answer “Jamaica” instead of the real answer.

  • Set a device passcode/password: Set your device to require a passcode or password after waking up from sleep or to unlock the screensaver. It sounds simple, but many devices are accessed because they weren’t password protected.

Should you have questions about protecting yourself, passwords, or any other security-related information, contact the Technology Services Help Desk at 217-244-7000 or consult@illinois.edu.