When it comes to passwords, R U A 10+?

Are you a 10+?We know that as a member of the Brown community you are generally very security-conscious, especially when it comes to protecting Brown and/or your own personal information. You are aware of how important passwords are to safeguarding that information. So you do your best to protect passwords, don’t share them, and change one if there is reason to believe it has been compromised.

For this we applaud you and appreciate your being part of a culture of security awareness we’re trying to cultivate.  We couldn’t do it without you.

We also want to encourage you to stretch a bit and strengthen your current password by lengthening it two or more characters.  If your password is just meeting the minimum requirements of eight characters, we recommend that you become at least a “10+”. Research, such as Carnegie-Mellon’s 2011 study, demonstrated that length was just as significant, if not more so, than complexity is making a password strong.  Developer Cameron Morris has built a collection of tools to measure password strength, passing them along to the Open Web Application Security Project (OWASP), and inviting the public to try them out. One of his tools, the Passfault Analyzer, predicts how long it will take to crack a given password. Can you create password that would take a century or more to break?

Symbol for InCommon's Silver Level of AssuranceOne other good reason to lengthen your password is that, because of increasing threats, business applications like Workday and Banner providing greater access to personal information than ever before, and the need to meet higher industry standards for authentication to systems and services, Brown will implement more stringent password requirements later in the academic year, when moving to its new identity management / directory system. ISG recommends that you take the time to update your password now before the new requirements are in place.

Read more about password best practices at www.brown.edu/go/passwords.

Posted in Fall 2012 Edition, Safe Computing | Comments Off