ITSpotlight is designed to keep the campus up to date on ITS activities and services.
Strong Passwords and LastPass
Posted January 9, 2019
By: Curt Price
Secure passwords are extremely important in today's online world. There is a username and password for everything. Online banking, email, cloud storage, ebay, photo banks, your dog groomer's website, PayPal... everything.
It should be obvious why you want a secure password. The more secure the password, the harder it is for "the bad guys" to break into your accounts, steal your identity, your money and your data, and generally wreck your life.
It should go without saying that your password should NEVER include your family name, birthdays, street address or a pet's name, and that literally "password", "123456", "QWERTY", etc. are awful passwords that can be easily guessed by a real person or a computer. Poor passwords can be cracked in a fraction of a second by a computer. But there are a lot of people (way more than you'd think) who use extremely poor passwords, and hackers thank them every day for that.
So what makes a strong password?
- 12 or more characters (preferably more, depending on what limitations the site or application has on their passwords).
- Throw in letters and special characters (if allowed by the site or app).
- Passphrases are good, and easier to remember. A phrase or saying that you'll remember, that includes numbers and special characters.
- Do NOT reuse the same password on multiple sites. Why? Because if your password is compromised, the hacker then has access to any other site/account where you have used that password. You just gave them a skeleton key to your money, your data, & your life. That's pretty scary.
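An added example, not from the post or from LastPass, that turns the checklist above into a small checker: it flags short passwords, entries on a common-password list, passwords containing personal terms, single-character-class passwords, and reuse of one password across several accounts, and gives a rough brute-force entropy estimate. The common-password list and the sample vault are constructed for illustration.

```python
import math
import string

# Constructed stand-in for a real deny-list of well-known weak passwords.
COMMON_PASSWORDS = {"password", "123456", "qwerty", "letmein", "welcome"}

def char_classes(pw):
    """Return the set of character classes present in the password."""
    classes = set()
    for c in pw:
        if c.islower():
            classes.add("lower")
        elif c.isupper():
            classes.add("upper")
        elif c.isdigit():
            classes.add("digit")
        elif c.isspace():
            classes.add("space")
        else:
            classes.add("special")
    return classes

def estimate_entropy_bits(pw):
    """Rough brute-force strength: length * log2(size of the alphabet used)."""
    sizes = {"lower": 26, "upper": 26, "digit": 10,
             "special": len(string.punctuation), "space": 1}
    alphabet = sum(sizes[c] for c in char_classes(pw))
    return len(pw) * math.log2(alphabet) if alphabet else 0.0

def check_password(pw, personal_terms=(), min_length=12):
    """Return a list of problems; an empty list means the password passes."""
    problems = []
    low = pw.lower()
    if len(pw) < min_length:
        problems.append(f"shorter than {min_length} characters")
    if low in COMMON_PASSWORDS:
        problems.append("on common-password list")
    for term in personal_terms:  # names, pets, street, birth year...
        if term and term.lower() in low:
            problems.append(f"contains personal term {term!r}")
    if len(char_classes(pw) - {"space"}) < 2:
        problems.append("uses only one character class")
    return problems

def find_reused(vault):
    """vault maps site -> password; returns groups of sites sharing one password."""
    by_pw = {}
    for site, pw in vault.items():
        by_pw.setdefault(pw, []).append(site)
    return [sites for sites in by_pw.values() if len(sites) > 1]
```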
But creating a unique, complex password for every site & app can be maddening, and remembering them all is impossible, right?
Agreed. So how do you deal with that?
Write them all down on post-it notes and stick them by your computer? No. Absolutely not. Never do that.
Use a password manager? Yes. Now you're talking.
There are a number of password managers you can choose, but we'll focus on LastPass.
LastPass is a popular & secure cloud-based password manager that stores all of your passwords and can generate new ones for new sites. It has an optional browser plug-in (recommended) that will automatically log you in to a site when you visit it, will ask if you want to save any new logins you create on sites, and can generate secure passwords for any new sites.
LastPass also has a smart phone app (Android & iOS) that gives you access to your password vault on your mobile device. You'll want to make sure your phone is locked if you use the app (honestly though, your phone should be locked anyway for security reasons).
But a password manager is only as strong as the password you use to log in to it (and keep in mind that anyone who has access to your computer also has access to your password manager...so lock your computer when you are away from it. And while we're at it, lock your front door...you can't be too careful). So while you only have to remember one password to log into a password manager, it needs to be near hack-proof, and you should never share it. Make it a long passphrase with spaces, numbers, special characters, etc.
Can you test how secure a password is? Why yes you can.
LastPass has a tool that can tell you how secure a password is: https://lastpass.com/howsecure.php
LastPass can also perform an audit on your browser and get rid of any saved passwords and logins that your browser may have in it, because those aren't secure (besides, you shouldn't need them anymore now that you have a password manager). It can also go through and grade all of the existing passwords in its vault to see how secure they are, and help you through a process of changing them to secure passwords. This can be time consuming, but it's absolutely worth it.
But what happens if LastPass themselves get hacked? How secure is my data?
LastPass says they have everything solidly encrypted. They did have one minor security breach in their 10 year history back in 2015, but no encrypted vault data was compromised, according to LastPass. You can read more about their security and that incident here: https://www.lastpass.com/security/what-if-lastpass-gets-hacked
Cloud-based password managers aren't without their critics. Some don't like having all of your passwords in one place, where if your main password is compromised, a hacker has access to everything. And that certainly is a concern (which circles back to the fact that you really need to make your main password extremely secure, like the most secure thing ever, like a 32 character passphrase with punctuation, upper and lower case, and a few numbers thrown in). But honestly, with the dozens, maybe hundreds of sites that you create accounts on, and the desire to have different passwords for each site...a password manager may be the best option. Of course, keeping a local spreadsheet of all of your logins is also an option, but the inconvenience of maintaining that, and pulling it out every time you want to log into a site, might take more patience than I have.
You can register and sign up for LastPass here: www.lastpass.com