Don't pass on protection: 5 tips for stronger passwords

May 6, 2021

For many of us, not a day goes by that we aren’t logging into an account for various tasks, entertainment or work. As such, we've all heard stories of failed password protection ... the cousin who had their bank account emptied after their account was accessed or the friend who had their data stolen from a companywide hack. 

Beyond the stories we share, recent statistics tell an even more compelling story in favor of strong passwords: According to recent studies, 81% of breaches at companies or organizations leveraged stolen or weak passwords (2020 Verizon Data Breach Investigations Report) and 1 million passwords are stolen every week (2019 Breach Alarm).

The ASU University Technology Office sat down with Zachary Jetson, director of information security, to dive into password protection and share tips to help design secure passwords and keep our information safe.

Exploring how hackers think

Understanding how passwords are cracked is the first step for devising an approach to designing good passwords. 

“Hackers can automate the cracking of stolen password hashes between billions and trillions of passwords per second using high-performance supercomputers,” Jetson said. To do so, hackers apply brute-force cracking, an automated process that uses every possible letter, number and word combination to guess your password. 

“To combat this, we moved to more complex passwords by adding characters, but even those have patterns that are replicable; like using the @ symbol to replace the letter A,” Jetson continued. He explained that this is a great place to start, but went on to share more details on how to create even stronger and more secure passwords.

Five tips for designing more secure passwords

Although no password is uncrackable, increasing the complexity of the password can make the process more difficult and has proven an effective method for dissuading hackers, ultimately keeping your accounts and information protected. Check out these five tips, provided by Jetson, to inform a more secure password strategy:

Tip 1: Length is the number one determinant for a secure password. 

Passwords are at their strongest when they are over 14 characters long. A good strategy to create a password is to select four or five unrelated words that are strung together by a special character; think along the lines of horse-blue-rain-earphones (but please don’t go using this exact password now!). Using words that are unrelated increases the complexity of the password so that hackers cannot guess it as easily.

Sometimes, there can be a password character limit that prevents the use of this strategy. In that case, another method is to think of a sentence — like “Jack and Jill ran up the hill” — and use every letter to create the base of the password. You can add further complexity with characters and numbers; for example, add a colon and a date to make it jajruth:2021.
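The effect of length, and of predictable swaps like "@" for "A", can be put into numbers. The following is an added example, not code from the article or from ASU: it estimates how long an exhaustive search takes at the guess rates quoted above. The substitution table, the tiny sample dictionary and the 7,776-word list size are assumptions made for illustration.

```python
import math

# Offline guess rates quoted in the article ("billions" to "trillions" per second).
RATES = {"billions/s": 1e9, "trillions/s": 1e12}

# Assumed table of common symbol-for-letter swaps, like the article's "@ for A".
LEET = str.maketrans("@4031$57!", "aaoelssti")

# Constructed stand-in for a real dictionary of common passwords.
SAMPLE_WORDS = {"password", "dragon", "sunshine", "welcome"}

def charset_size(pw):
    """Alphabet size a character-by-character brute force must cover."""
    size = 26 if any(c.islower() for c in pw) else 0
    size += 26 if any(c.isupper() for c in pw) else 0
    size += 10 if any(c.isdigit() for c in pw) else 0
    size += 33 if any(not c.isalnum() for c in pw) else 0  # ASCII punctuation + space
    return size

def brute_force_bits(pw):
    """Search space in bits: length times bits per character."""
    return len(pw) * math.log2(charset_size(pw))

def passphrase_bits(n_words, wordlist_size=7776):
    """Search space when the attacker guesses whole words (list size is assumed)."""
    return n_words * math.log2(wordlist_size)

def is_disguised_dictionary_word(pw):
    """True if undoing the common swaps yields a dictionary word."""
    return pw.lower().translate(LEET) in SAMPLE_WORDS

def seconds_to_exhaust(bits, rate):
    return 2 ** bits / rate

def report(pw, n_words=0):
    """Worst-case seconds to search the space, per guess rate."""
    bits = brute_force_bits(pw)
    if n_words:  # attacker who knows the words-plus-separator scheme
        bits = min(bits, passphrase_bits(n_words))
    if is_disguised_dictionary_word(pw):  # only the dictionary needs searching
        bits = math.log2(len(SAMPLE_WORDS))
    return {name: seconds_to_exhaust(bits, r) for name, r in RATES.items()}

if __name__ == "__main__":
    for pw, words in [("P@ssw0rd", 0), ("jajruth:2021", 0),
                      ("horse-blue-rain-earphones", 4)]:
        print(pw, {k: f"{v:.3g} s" for k, v in report(pw, words).items()})
```

Under these assumptions, an attacker who knows the word-based scheme needs about an hour at the trillions-per-second rate for four words, and each additional word multiplies that time by 7,776.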

Tip 2: Vary your passwords.

While it may seem easier to use the same password for multiple services and logins, it can quickly become a threat to all of your accounts. That’s because if your password gets stolen in one instance, it can be used to access multiple sites and organizations you belong to. Databases of stolen usernames and passwords are used in attacks called credential stuffing and password spraying. When third-party services are compromised and their stored credentials are improperly encrypted, user credentials can be leaked. Hackers then use these credentials in bulk, along with commonly observed passwords, to attempt logins, which significantly reduces the number of attempts they need.

This makes using different passwords across services critical. The good news is that password managers, like LastPass, are an effective way to maintain uniqueness and keep track of your credentials for all of the platforms we use on a day-to-day basis.

Tip 3: Utilize multifactor authentication.

While we strongly urge everyone to use different passwords across services, multifactor authentication can be used as an additional security measure against hacks that stem from a multitude of attacks against passwords.

Multifactor authentication requires something you know (a password) and something you have (a mobile device, YubiKey or hardware token) to log into an account. This prevents hackers, who may obtain your password, from accessing your information without your knowledge. The exception, however, is if they have somehow also obtained the device to which the multifactor authentication service sends a verification code (via text, call or push notification through a dedicated mobile app) or acquired the hardware token.

Tip 4: Avoid malware.

Malware is software that is intentionally malicious, typically containing capabilities such as a keylogger. A keylogger is a type or a function of malware that can track every stroke you enter on your keyboard. As you could probably imagine, this can allow hackers to view your accounts and credentials that are being accessed. Avoid sites and links in suspicious emails that could be rife with malware like keyloggers. You can also stay proactive by having antivirus installed and updated on your device.

Another level of protection against malware can be to avoid using the administrative account on your computer. That’s because if malware runs under the administrator context on your computer, it maintains all the administrator capabilities, including disabling your antivirus or installing additional malware to embed itself deeply within the system. So even if malware does slip through, working under a “standard” user account rather than the administrative account means it won’t have administrator-level access to your system, files and information.

Tip 5: Act quickly when a hack occurs.

Finally, even with the strongest measures, sometimes your passwords can be compromised. In that event, change your password immediately to mitigate illegitimate access to your information.

You can also find out more about the first line of defense to protect your and others’ information with these resources:

Editorial specialist, University Technology Office


ASU Polytechnic campus celebrates commencement

May 6, 2021

Graduates were able to meet the dean and faculty for a goodbye and thanks

Down at Arizona State University’s Polytechnic campus on May 3, more than 30 grads from the College of Integrative Sciences and Arts attended an in-person get-together in the breezeway of Santa Catalina Hall, which was decked out with tables holding bouquets and cookies.

Robed grads wandered in and out, having their photos taken with Dean Duane Roen in his academic regalia.

The College of Integrative Sciences and Arts hosted several events for its graduates: in-person receptions, virtual events and Zoom receptions for online students.

“The virtual events are fun,” Roen said. “People get to chat with each other.”

Roen beckoned grads to pose with him. “Come on down,” he said.

Troy Anderson, the Polytechnic campus student body president, posed with Roen, capping off earning a BS in political science and a BA in philosophy. The low-key sendoff didn’t bother Anderson in the slightest.

“I think it’s fine,” he said. “I’m not a big graduation person anyway. I’ve finished my four years and I’m done.”

Anderson doesn’t plan to go far. He’s looking for a job at ASU.

Nathan Reed celebrated earning his BS in applied biological sciences, which he earned at age 18. He plans to go to medical school and become an osteopath.

“It’s a little bit different,” he said of the graduation get-together. “I enjoyed all the YouTubes, taking them at my own pace.”

Reed said he missed all the activity of a typical graduation, but as a medical school candidate he understood why things were the way they were.

The Gilbert native enjoyed spending time at the Polytechnic campus with different people from different backgrounds, having had a challenging time in high school at his age.

“Here it was acceptance and doing things differently, and that’s what made it interesting,” he said.

Faculty attended as well, seeing students off. Rafael Martinez just finished his first year teaching Southwestern history and English at ASU. He graduated from the University of New Mexico last year.

“I’m loving ASU,” he said. “I’m super excited that CISA is meeting students’ needs and celebrating their accomplishments. … I’m sure parents appreciate we’re keeping it safe.”

Vanessa Fonseca Chávez teaches Chicano and Indigenous literature and Southwest studies. She attended the in-person reception and a virtual event, and had more virtual events planned for the next day. Her office is in Santa Catalina Hall.

“The space is really great,” she said. “The breezeway is an underutilized space. I appreciate they were able to do this. Students really wanted to do something.”


Top photo: (From left) Faculty members Assistant Professor Rafael Martinez, Assistant Professor Vanessa Fonseca Chávez, Lecturer Laurie Ralston and Dean Duane Roen flash pitchforks at the COVID-19-modified College of Integrative Sciences and Arts celebration on May 3, in the Santa Catalina Hall breezeway on the Polytechnic campus. Photo by Charlie Leight/ASU News

Scott Seckel

Reporter, ASU News