Choosing a Secure Password

It seems like there is always some company in the news due to being hacked and user account information, such as passwords, being released.  One of the simplest ways to protect yourself, your district, and of course your district website from being hacked is by using a strong password.

What makes a password strong?

Length and complexity. While the longer a password is, the hard it will be to crack, it is also adding complexity to your password that makes it the strongest.  By complexity, I mean using lowercase letters, uppercase letters, numbers, and if you can punctuation.

Even though it can be hard to do, you should also never reuse passwords.  For example, if you use the same password on every website and one of those sites gets hacked, the hackers can then try accessing your accounts on other sites using the same username or your email address.

What should I avoid using in my password?

Dictionary words. When you are choosing a new password for your SchoolEngine account, you will notice that if you type only English words it will take a very long password before it will tell you it is strong.  However, if you don’t use English words you might only need 10 characters.  The reason for this is hackers user dictionaries to help speed up their hacking by guessing common words and combinations of those words first.  Most of them also use common replacements as well such as using a zero in place of the letter “O”.  So while replacing that letter with the number zero might make it look more complex, it if is still part of an English word it may not be helping as much as you would like.

Repeating characters. Just as bad as using dictionary words is using repetitive letters or numbers as it reduces the complexity.  At first glance, you might see something like “aaaa1111xxxx8888” and think it is secure because of how long it is, but that is not the case.  Even though it is long, it is still relatively simple and most likely will be considered weak by most websites.

In addition to dictionary words, you should also avoid anything personally identifiable.  This includes children’s names, pets names, birthdays, etc.  These are all things that can be obtained fairly easily by someone via Facebook, casual conversation, or social engineering.

At a minimum, it is suggested to use lowercase letters, uppercase letters, numbers, and using a password of at least 10 characters in length even using the methods below.

What’s next?

Are you ready to try and make your password more secure? Checkout the article Choosing a Secure Password in our documentation for two methods of creating a secure password that you can remember.  Have other ideas to add to the discussion?  Let us know in the comments below.

 

Leave a Reply

Your email address will not be published. Required fields are marked *