
For a brief time, security professionals advocated complex passwords that would be difficult to hack: special characters ($, %, +, etc.), long length (20+ characters), and no complete words. We quickly learned that without protections on the authentication server, hackers were able to crack any mix of characters, at any length, in a relatively short time. Those "secure" passwords led to frustrating typos at login and frequent password resets. Worse, we posted the password on our laptop or monitor for easy reference.
Current guidance suggests a more reasonable approach:
- minimum 8 characters
- no single words or common phrases
- no personal favorites (family or pet names, birthday, sports team, bands, etc.)
- no common passwords
- don't reuse home passwords for work, and vice versa
- use multi-factor authentication when available
- change your password when you think it may be compromised

- Does your password fail the current security recommendations?
- Have you shared your login credentials with a colleague?
- Is it possible that students have watched your keystrokes?
- Have you accessed school accounts (including Gmail) on a device that has been shared or compromised?
- Have you noticed any strange activity with your G Suite or other accounts?
- Do you still need to refer to a cheat sheet for more frequently used accounts?
GTSD staff who would like to update their network login should submit a T3, category b (accounts). I will arrange a mutually convenient time for you to update your network password, and assist with updating other accounts as well.