How Secure is Your Password? Find out how long it will take for hackers to crack your password and check if your password or your email address is one that has been leaked in any data breaches!
Best practices around password and passphrase management are evolving. New Digital Identity Guidelines from the National Institute of Standards & Technology (NIST) focus on longer passphrases to ensure password security.
Improving Password Security
Georgetown University has implemented Duo two-factor authentication for all NetID Single Sign On applications. Two-factor authentication provides added password security by requiring a unique code in addition to your password before successful authentication to an application. This unique code is usable only once and can be pushed to your mobile or desk phone. If your password credentials are compromised, two-factor authentication reduces the chances that someone will be able to use them maliciously.
The University Information Security Office urges everyone to enroll in Duo, the University’s solution for two-factor authentication. It’s a great way to protect your NetID password and to ensure the security of University data and your own information.
A strong password is one that’s hard to crack. A strong password must meet all of the following requirements:
- Your password must be at least eight characters long.
- It must have at least one number.
- It must have at least one letter.
- It must have at least one symbol (!,@,#,$,^).
- Avoid simple variants of names or words (even foreign words), simple patterns, famous equations, or well-known values.
- Try thinking of a phrase (e.g. part of a book, poem, or song), and use it to form a password you’ll remember. For example: “All of Gaul is divided into three main parts.” would be “AoGi/3mp.”
- Our best advice: think of a passphrase, for example: Changeyourpassword2day! According to How Secure is My Password, that will take 19 septillion years to crack!
- Never tell your password to anyone—You are responsible for your own password!
- Never write down your password.
- Make your password hard to guess—do not use the name of your pet (or your children).
- Avoid using words found in a dictionary.
- Change your password at least twice per year (enroll in password.georgetown.edu).
- The more random your password, the better.
- Be sure that you don’t use personal identifiers in your password (like your name or NetID).
- Never reuse passwords on different websites or across accounts.
- Use a Password Manager to help manage all your accounts.
- Enroll in two-factor authentication through Duo!
- Avoid using the “Remember Password” feature: These features, typically offered by secure applications (e.g. email, calendar, financial systems) and Web browsers (e.g. Mozilla Firefox, Chrome, Internet Explorer), do not adequately protect passwords. It may be possible for a computer virus or unauthorized user to gain access to this stored information.
- Report compromises immediately: If you suspect your account or password has been compromised, report the incident to the University Information Security Office and change the password immediately.
A compromised password not only puts your own information at risk—it may also expose sensitive University data and systems.
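The requirements and advice listed above (length, number, letter, symbol, no simple word variants, no personal identifiers) can be checked mechanically. The following Python sketch is an added example, not a Georgetown tool; the word list, the substitution table, the sample NetID "jh1234" and the choice to treat any ASCII punctuation as a symbol are assumptions made for illustration.

```python
import string

# Constructed sample word list (assumption); a real check would load a large dictionary.
COMMON_WORDS = {"password", "georgetown", "welcome", "dragon"}
# Common character substitutions, undone before the dictionary comparison.
LEET = str.maketrans({"@": "a", "4": "a", "0": "o", "1": "l",
                      "3": "e", "$": "s", "5": "s", "!": "i"})


def is_simple_variant(password):
    """True if the password is a listed word plus decoration, e.g. P@ssw0rd1!"""
    # Drop trailing digits/symbols, then reverse the substitutions.
    core = password.lower().rstrip(string.digits + string.punctuation)
    return core.translate(LEET) in COMMON_WORDS


def check_password(password, identifiers=()):
    """Return the rules the password fails; an empty list means it passes."""
    failures = []
    if len(password) < 8:
        failures.append("at least eight characters")
    if not any(c.isdigit() for c in password):
        failures.append("at least one number")
    if not any(c.isalpha() for c in password):
        failures.append("at least one letter")
    if not any(c in string.punctuation for c in password):
        failures.append("at least one symbol")
    if is_simple_variant(password):
        failures.append("simple variant of a word")
    lowered = password.lower()
    if any(i and i.lower() in lowered for i in identifiers):
        failures.append("contains a personal identifier")
    return failures


if __name__ == "__main__":
    # The first two are the page's own examples; the rest are constructed.
    samples = ["AoGi/3mp.", "Changeyourpassword2day!", "P@ssw0rd1!", "jh1234-Hoyas"]
    for pw in samples:
        print(pw, check_password(pw, identifiers=["jh1234"]))
```

"P@ssw0rd1!" satisfies all four composition requirements and is rejected only by the word-variant check, which is why the composition rules alone are not enough.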
Remember: University representatives will never ask for your password: It is against University policy for a technology service provider to request a user’s password.
Overwhelmed by the number of passwords, online accounts and codes you need to remember? Since you should not use the same password for your University and personal accounts, consider using a reputable, well-known password manager. Georgetown does not endorse any one product, but you can learn more about password manager options to see how they might fit your needs.