We all have a responsibility to keep our information secure. These guidelines will help you avoid most of the pitfalls you may encounter along the way.
Passwords provide the first line of defense against unauthorized access to your computer and personal information. There really is no great password, but if you must use a password, and only a password, then there are two main things to consider: Make your passwords as long as possible.
The XKCD graphic below illustrates the benefit of using a passphrase over a traditional password. What about complexity? We surely can't throw out the numbers and symbols! Sure we can. We still see complexity requirements, and I think they're here to stay for the near future. We all have audit requirements and security administrators who are set in their ways, but someday those annoying numbers and symbols should be gone forever.
What about the day reset? Well, the three-month reset was instituted just in case a password was breached. By resetting it periodically, the bad guys would only have access to it for a maximum of 90 days. Because of this, we now recommend you change your passwords when there is confirmation of them being breached.
Try HaveIBeenPwned.
Tips for Better Passwords
In short, on behalf of Information Security Departments everywhere, I apologize for making you remember terrible passwords. From here on out, remember these simple tips for better passwords:
Stay safe,
Because people recognise pictures better than they remember words, so-called graphical passwords ask users to click certain points on an image in a certain order.
The efficacy of this approach is still being worked out. Although he points out that most online businesses typically want to offer consumers the path of least resistance to gain access to their sites. So does the password have any future, especially given the advent of the internet of things, which only looks like making cybersecurity breaches more widespread?
This layered security approach is unlikely to come in the form of biometrics, which are themselves not completely secure and, when stolen, irreplaceable, unlike a password. Or at least not just biometrics. And this is a device most of us already carry and increasingly use to access the internet anyway: our smartphones. But now such devices also operate their own fingerprint or facial recognition systems. Features limited to high-end, expensive phones just five years ago are increasingly commonplace and accessibly priced.
Since Microsoft launched its Windows 10 operating system last year, such password-free authentication is starting to come to desktops too. Device geolocation, if users are willing to share such information, is potentially another added layer of security. Indeed, in a sense this more efficient device-led proposal is akin to the way in which an ATM requires both a PIN and the physical bank card.
It works because people want a much easier engagement with businesses that have secured sites, and the ease of use is better for business too.