Week 1 - Strong Passwords

Strong Passwords

Importance of Using Strong Passwords

In today’s digital age, passwords serve as the first line of defense against unauthorized access to your personal and university accounts. Whether it's protecting your email, student portal, or research data, using strong passwords is critical to safeguarding sensitive information. At SDSU, we are committed to maintaining a secure online environment, and that starts with you choosing secure passwords.

What Makes a Strong Password

A strong password is more than just a random combination of letters and numbers—it’s a thoughtful, deliberate shield that makes it significantly harder for hackers to guess or crack. Check out SDSU's Password Policy for more information. To create a strong password, make sure it meets the following criteria:

  • Length: Use at least 10 characters. The longer the password, the more difficult it is to break.
  • Complexity: Include a mix of uppercase and lowercase letters, numbers, and special characters (such as !, @, #, or $).
  • Avoid Common Words: Steer clear of using easily guessable information such as your name, birthday, or the word "password."
  • No Reused Passwords: Don’t recycle passwords across multiple accounts. If one account is compromised, others become vulnerable.
  • Passphrases: Consider using a passphrase—a series of random words or a meaningful sentence that's easy for you to remember but hard for others to guess (e.g., “Pineapple$Hiking!Tuesday2”).
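The criteria above can also be checked automatically. The following Python example is added here for illustration and is not SDSU's own code; the function names, the short common-word list, the character-substitution table and the salted-fingerprint reuse check (which only sees passwords one system has recorded) are assumptions.

```python
import hashlib
import hmac
import string

MIN_LENGTH = 10  # minimum length from the criteria above
# Constructed sample list; a real check would use a much larger one.
COMMON_WORDS = {"password", "qwerty", "letmein", "welcome", "123456"}
# Undo common character swaps so "P@ssw0rd" is still seen as "password".
LEET = str.maketrans("@4$5013!7", "aassoieit")


def fingerprint(password: str, salt: bytes) -> bytes:
    """Salted, slow hash so earlier passwords are never kept in clear text."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def check_password(password, personal_info=(), old_fingerprints=(), salt=b""):
    """Return the criteria the password fails (an empty list means it passes)."""
    failures = []
    if len(password) < MIN_LENGTH:
        failures.append("length")
    classes = [
        any(c.isupper() for c in password),
        any(c.islower() for c in password),
        any(c.isdigit() for c in password),
        any(c in string.punctuation for c in password),
    ]
    if not all(classes):
        failures.append("complexity")
    # Look for banned words both as typed and with substitutions undone.
    lowered = password.lower()
    normalized = lowered.translate(LEET)
    banned = COMMON_WORDS | {p.lower() for p in personal_info if p}
    if any(w in lowered or w in normalized for w in banned):
        failures.append("common_words")
    # Reuse: compare against fingerprints of passwords used before.
    fp = fingerprint(password, salt)
    if any(hmac.compare_digest(fp, old) for old in old_fingerprints):
        failures.append("reused")
    return failures
```

Because the check undoes simple character swaps before looking for banned words, a password such as "P@ssw0rd2024!" is still flagged as containing "password" even though it meets the length and complexity rules.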

Weak Password Test

Verizon's 2024 Data Breach Investigations Report showed that Basic Web Application Attacks are caused by the use of stolen credentials (77%) or brute force (usually easily guessable passwords) (21%). Cybercriminals are constantly on the hunt for users with weak passwords. Find out if your password can pass these password tests by using these free tools:

Note: SDSU does not endorse any commercial product or service. SDSU does not attest to the suitability or effectiveness of these services and resources for any particular use case. 

Best Practices for Managing Your Passwords

  • Use a Password Manager: Keeping track of multiple strong passwords can be difficult, but a password manager securely stores all your login credentials in one place. 
  • Avoid Writing Down Passwords: Never write your passwords on paper or store them in unencrypted files on your computer. If you need to store them, use a trusted password manager.
  • Enable Multi-Factor Authentication (MFA): SDSU uses Duo MFA to add an extra layer of security by requiring a second form of verification, such as a mobile device, in addition to your password. This ensures that even if someone obtains your password, they still can’t access your account without that additional step. 
  • Change Passwords Regularly: Although it may seem tedious, regularly updating your passwords reduces the risk of long-term exposure in the event of a breach.
  • Be Cautious of Phishing Attacks: Cybercriminals often use phishing emails or fake websites to trick users into giving up their passwords. Always verify the authenticity of any communication before entering your login credentials.
 

Get Help

To request a service, create a ServiceNow Ticket and assign the ticket to “IT-ITSO-Help Desk”.

IT Security Office
Administration Building
https://it.sdsu.edu/get-help

Report an Incident

Please contact the Information Security team immediately if you experience or are aware of any of the following: