Safe Computing
The Faculty of Mathematics, Computing and Technology

 

 

Passwords

 

 


Much advice is given about passwords. We've put a few links in the panel to the right. It doesn't matter how secure and 'unguessable' your password is, though, if you then share it or write it in an obvious place. You will use passwords in connection with many activities in life. Open University students will use one to access the University resources that they have signed up and paid for.

Computers can (and should) be password protected to protect files (see section below).

Some 'spyware' installs software to keep track of everything that you type, including passwords, so that's another reason to make sure that you follow carefully the principles set out on the main page of this website. Your passwords give access to all the important things in your life - bank accounts, systems you have paid for, and if they are used by another person without your knowledge, you can lose out badly. If someone can carry out activities in your name - perhaps against your interests - it may cause you embarrassment at the least, or financial loss. Hackers could open credit cards in your name, apply for loans, or pretend to be you in an online chat session.

Password Links


Sophos Video describing a technique for creating secure passwords

The weakest link...

User Passwords are the weakest link in any security system. This guide to good practice will help you to maintain good security, both for you, and for the University if you are a student. Remember, if our systems are compromised we will be forced to isolate them whilst they are purged and cleaned up, reducing their availability to staff and students alike.

Should I write it down... ?

If you can, choose something you can remember without having to write it down. However, this should NOT be something that is easily guessed, such as your first name, surname, staff number or nickname. Neither should you use relatives' names, pets' names, favourite things or anything else that would be obvious to someone who knows you, or who has taken the time to do some fairly basic research on your background. If you can't remember all your passwords, current thinking suggests it does no harm, indeed it may be a good idea, to write your passwords down - provided you put them in a safe place and/or disguise them. Doing this makes it more likely that you will choose a complex password and (more importantly) that you will use a different password for each organisation and service for which you have an account. That way, if one gets compromised, the others are still safe.

What shall I choose... ?

Choose something as long as possible - remember the longer it is the harder it will be to crack. A password of eight or more characters is significantly more difficult to crack than one of just six.

Choose a phrase or word-stem combination that cannot be found in a dictionary (of any language) or by a spell-checker. Hackers frequently succeed by systematically trying dictionaries and other word lists using an automated program. You could choose the line of a song, poem or similar, and take the first letter from each word. For example, "If music be the food of love play on" becomes "Imbtfolpo".

Add non-alphabetical characters (such as 0 to 9 $ _ - etc.) into your password to increase its complexity. But choose these according to an easily remembered formula - so that once again you can remember it without writing it down. Please DO NOT use | " , (pipes, double quotes or commas), or any character not found on a standard keyboard.

If you use a mixture of upper and lower case characters, be very sure that you know what you have done or follow a very simple rule, as mixed case words are much harder to remember and to type.

Do not save your password into the Password box of the setup screen since this is a security risk if others have access to your computer or if your computer is stolen.

Choose something that you can type in quickly so that anyone looking over your shoulder is unable to work out what you have typed.
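The selection rules above can be expressed as a short checker. This is an added example, not part of the original page: the function names, the tiny word list and the reading of 'standard keyboard' as printable ASCII are assumptions made for illustration.

```python
import string

# Constructed sample word list; a real check would load a full dictionary file.
SAMPLE_WORDS = {"password", "music", "welcome", "dragon", "sunshine"}
FORBIDDEN = set('|",')  # pipe, double quote and comma, which the page rules out
# Assumption: "standard keyboard" is taken here to mean printable ASCII.
KEYBOARD = set(string.ascii_letters + string.digits + string.punctuation + " ")


def phrase_to_stem(phrase):
    """First letter of each word, as in the page's 'Imbtfolpo' example."""
    return "".join(word[0] for word in phrase.split())


def check_password(candidate, personal_terms=()):
    """Return the list of guidelines from this page that the candidate breaks."""
    problems = []
    lowered = candidate.lower()
    letters_only = "".join(ch for ch in lowered if ch.isalpha())

    if len(candidate) < 8:
        problems.append("shorter than eight characters")
    if lowered in SAMPLE_WORDS or letters_only in SAMPLE_WORDS:
        problems.append("dictionary word")
    if any(term.lower() in lowered for term in personal_terms if term):
        problems.append("contains a name, nickname or staff number")
    if candidate.isalpha():
        problems.append("no non-alphabetical characters")
    if FORBIDDEN & set(candidate):
        problems.append("contains pipe, double quote or comma")
    if any(ch not in KEYBOARD for ch in candidate):
        problems.append("character not on a standard keyboard")
    return problems


if __name__ == "__main__":
    stem = phrase_to_stem("If music be the food of love play on")
    for candidate in (stem, stem + "_12", "music1", "Imb,tfolpo9"):
        print(candidate, "->", check_password(candidate) or "no problems found")
```

An empty list means only that none of these rules was broken; the dictionary rule is as good as the word list supplied.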

 

Finally...

Last - but not least, remember this is your PERSONAL username and password that provides authorised access to your personal systems and, if you are a student, to University resources.

Windows Password Login for Windows XP Home edition
(Grateful acknowledgement to the University of Cambridge's Technical User Support Computing Service for this section.)

If you currently have the 'Welcome screen logon' enabled you should disable it. (This presents every user as a small icon with their name beside it. Clicking on it enables users to login without entering a password, and is very insecure.) You should disable this before attempting to password your accounts.

Open User Accounts in the Control Panel. Select Change the way users log on and off.

Then make sure that the Welcome Screen is not ticked and click on Apply Options.

Go back to the previous screen and pick User Accounts, and then select Change an account. This will take you to a list of accounts. Choose yours and then choose Change my password.

Note: If you have not used passwords on your machine until now, your password will be blank. You should not enter anything in the Type your current password: box, i.e. make sure you leave it blank. You should now enter a new password (not less than six-eight letters for security, and not a dictionary word or your userid, which is easy to guess), and then confirm it by entering it a second time on the line below. Click on Change Password and you will have successfully passworded your account.

You need to do this for any other accounts you have on your computer except the Guest account. You should disable this by picking the Guest account icon from the User Accounts screen. From the next screen, choose Turn off the guest account.

Finally you may see an account called Owner from your User Accounts screen. This account is created if no user accounts were enabled when Windows XP was installed. This account must be passworded as well to fully protect your computer. You can also rename it.

The Administrator Account

The Administrator account is present on every Windows XP machine (all users are by default given the rights of an Administrator) but it is hidden. To password it (and to check that all other accounts are passworded) go to Start>Run and type 'control userpasswords2'.

Make sure that Users must enter a name and password to use this computer is ticked, and then choose the Administrator account and click on Reset Password.

You will be prompted for a password, which you then need to confirm.

 



Copyright © 2005-2011 The Open University
Faculty of Mathematics, Computing and Technology

Last modified: Thursday December 08, 2011.

N.B. This website contains links to other websites which are not operated by the Open University. The links are made in good faith, but the University cannot accept any liability for the content of external sites. The fact that an external site is linked to this one does not imply any endorsement of products or services offered from those sites.
