Five questions with the chief information security officer

October is cybersecurity awareness month. As we close out the month, chief information security officer Rich Tener answers five questions about password security.

 

Is it safe to use meaningful words -- like your birth month -- in a password? Or should I be using random characters? 

Rich Tener

The important part of choosing a password is to make it hard to guess. You can use your birth month in your password, but keep in mind that a lot of personal information about you is available to hackers. If you do use some of it in your password, be sure to also include something that isn't easy for a hacker to discover publicly. You don't need to compose your password using all random characters, but making it longer makes it more secure -- so consider using a passphrase and worry less about special characters and complexity.

At Iowa State, we still require you to use numbers, mixed case and special characters. Outside of ISU, you should use a different password on each non-ISU site. When hackers find one password, they'll test it against every other site they can to see if it works.

   

My university password gives me access to apps like ISU Outlook, Workday and Canvas. Is this considered password reuse? 

No. An example of password reuse is using the same password for multiple personal sites or apps, like Ticketmaster and Amazon Prime. Also, you should never reuse your Iowa State password as a password for personal accounts.

 

With different passwords for everything, how do I remember them all? 

I recommend using a password manager app. These apps store all your passwords in a secure way, make them available across all your devices and only require you to remember one good password to unlock them. Options include:

  • Dashlane
  • 1Password
  • Bitwarden
  • LastPass
  • Keeper
  • NordPass

Avoid storing password information in an email to yourself, in the event your email becomes compromised. Also don't put password information in an online document platform -- like Google Docs -- for the same reasons.

 

My browser always asks to save the passwords I enter into sites. Is this safe? 

While this is convenient, not all browsers protect your passwords as well as a password manager does. If you leave your computer unlocked or share your computer with someone else, whoever else is using your computer can log in as you to any site. Apple, Microsoft, Mozilla and Google are constantly making improvements to how they manage passwords. For now, a better option is to find a password manager app you like and use that instead.

 

How do I know if my university password has been compromised? 

The information technology security team uses tools that continuously monitor online security. If a situation seems suspicious, a member of the team will investigate further, take action to protect your password and contact you directly. If you suspect your password is compromised, you can contact the team at security@iastate.edu.