
World P@$$w0rd Day: Tips To Protect Your Digital Identity

Saturday, May 1, 2021, By Daryl Lovell

The first Thursday of May is World Password Day, an annual reminder to promote better password habits and digital security. With more of our lives online than ever before, what should people know about passwords to better protect their identity and private information?


Michael Fudge is a professor of practice in the School of Information Studies (iSchool). His areas of study center around digital transformation and the impact of information technology on society.

In this Q&A, Professor Fudge offers tips for creating passwords and keeping them safe, and discusses extra safety steps you can set up on your devices today to better protect your digital identity.

Q: What are some of the most common mistakes people make when setting passwords?

Fudge: There are two common mistakes users make when deciding on which password to use.

First: using the same password for more than one account. When you re-use the same password on multiple websites, if one of those websites gets compromised and an attacker gets a hold of that password, they can use that password to gain access to the other sites. This is usually automated through an approach called credential stuffing. You should always use a different password for each account.

Second: using too simple of a password. When a website has password complexity requirements (must be at least 10 characters, one uppercase character, one digit, etc.) we sometimes resort to approaches that do not necessarily ensure good password complexity. For example, you might think of using your middle name as a password (mine is Alexander) and then, to meet the complexity requirements, adding the current year with a question mark (Alexander2020?). Automated attacks can take this into account nowadays, so while at one time this was a good choice, it no longer is. The more characters in the password the harder it is to guess, but to meet the length requirement we tend to do some really foolish things like:

  • Repeating the password pattern: Alexander2020?Alexander2020?
  • Adding the name of the site to the password, to make a unique password for each site: Alexander2020?google or Alexander2020?syr.edu

These password choices offer little additional complexity. They are predictable and provide insight into my algorithm, or process for creating a password.

The best choice for a password is a truly random sequence of characters that satisfy the complexity requirements. So how do you remember hundreds of randomly generated passwords? You don’t—use a password manager to do it for you.

The password manager is a personal database of your passwords. It will generate random passwords for you and store them securely. Some password managers will recall the password for you when you return to the site.

Q: So that leads well into this question…My iPhone offers me the option to create a complicated password and save it so I don’t have to remember it. Sounds like that is a good idea?

A: This is Apple’s keychain password manager. The Google phones have one as well. These options are better than you coming up with your own passwords. The risk is you are trusting Google or Apple to securely store your passwords, but it’s better than Post-It notes under your keyboard! There are third-party password manager services: LastPass, 1Password, Dashlane, and RoboForm. They do the same thing but are not tied to just your phone or Apple/Google devices. The important thing to remember is that when you use these services, we are trusting these organizations to store the key that decrypts our passwords. If you wrote all your passwords in a notebook and locked that notebook in a safe, it would be like giving Google, Apple, LastPass, etc. the keys to that safe. This is necessary for a password manager to function.

Q: How often should you be changing passwords? Are some accounts more important than others to update regularly?

A: With my passwords randomly generated, I do not change my passwords unless the service requires it.

What is really important is to enable two-factor authentication. This adds an extra layer of security, requiring you to not only know your password but also have a device that can verify your identity; most of the time this device is your smartphone. Two-factor might send an SMS text to your phone each time you log in or use a special Authenticator app. For example, each time I log into my bank, I must reach for my phone and allow it to read my fingerprint. That way, if my bank password does get stolen, an attacker would also need my phone (and fingerprint) to log in to my account.

Two-factor authentication also gives you peace of mind as I get a notification each time someone tries to use my password to log in. If that person isn’t me, I need to change my password.

If the service supports two-factor, I turn it on. If you use a password manager to store your passwords, enable two-factor to protect your passwords!

Q: What are your thoughts on other types of security measures connected to biometric technology, such as facial recognition and fingerprint security?

A: These technologies work well as part of a two-factor strategy. For example, facial recognition paired with a PIN on your phone is a good idea.

Q: With many of us living in the digital world now more than ever, what do we neglect or not know about when it comes to passwords and our digital security?

A: The ways attackers can attempt to obtain our passwords are numerous and varied. Some things we can control, like only installing software from trusted sources, and never clicking on links in an email. For the times the company gets hacked and the password exposure is not your fault, I suggest checking the email used when you signed up for the service on haveibeenpwned.com. When you enter your email, it will check to see if that email account was used with a service where your data was leaked. For the companies appearing on that list, change your password on that company’s website and set up two-factor if allowed.
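An added example, not part of the interview and not Professor Fudge's code: a small audit that shows how the sample passwords from the first answer satisfy a "10 characters, one uppercase, one digit" rule while still matching the predictable constructions he describes, next to a randomly generated alternative. The function names, the symbol set and the three regex checks are assumptions made for illustration and cover only the patterns named in the article.

```python
import re
import secrets
import string

SYMBOLS = "!?#$%&*+-_="  # assumed symbol set, not taken from the article


def meets_policy(password, min_len=10):
    """The complexity rule quoted in the article: length, one uppercase, one digit."""
    return (len(password) >= min_len
            and any(c.isupper() for c in password)
            and any(c.isdigit() for c in password))


def predictable_patterns(password, site=""):
    """Return the predictable constructions found in `password`."""
    findings = []
    # Whole password is one unit repeated: Alexander2020?Alexander2020?
    if re.fullmatch(r"(.{3,}?)\1+", password):
        findings.append("repeated pattern")
    # Capitalised word + four-digit year + one symbol: Alexander2020?
    if re.search(r"[A-Z][a-z]{2,}(?:19|20)\d{2}[^A-Za-z0-9]", password):
        findings.append("word + year + symbol")
    # First label of the site's domain embedded in the password.
    label = site.lower().split(".")[0]
    if label and label in password.lower():
        findings.append("site name in password")
    return findings


def random_password(length=20):
    """Random password from the OS CSPRNG that satisfies the same policy."""
    alphabet = string.ascii_letters + string.digits + SYMBOLS
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if meets_policy(candidate) and not predictable_patterns(candidate):
            return candidate


if __name__ == "__main__":
    # Sample passwords are the ones quoted in the article; sites are constructed.
    samples = [("Alexander2020?", ""),
               ("Alexander2020?Alexander2020?", ""),
               ("Alexander2020?google", "google.com"),
               ("Alexander2020?syr.edu", "syr.edu")]
    for pw, site in samples:
        print(pw, meets_policy(pw), predictable_patterns(pw, site))
    print(random_password())
```

Every sample passes `meets_policy` yet is flagged by `predictable_patterns`, which is the gap between meeting a complexity rule and being hard to guess.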

 
