Password Security

[February 2024] When it comes to passwords, it's more than just picking any combination of letters and numbers. As we recognize the growing sophistication of hackers, it's essential that we understand what truly makes a password strong and secure. Also, change your passwords at least every six months and consider using a password manager like Keeper or other available options to help encrypt, store, and manage your passwords.

00:03

Hello everyone, I'm Mary Gower. Today we're joined by Kaitlyn Malloy, Security Analyst at the University of Alaska system, Office of Information Technology to discuss password security.

Exploring password security is more than just creating easy-to-remember passwords, especially now that the era of using something like "123456" is far behind us.

As we recognize the growing sophistication of hackers, including their use of AI, it's essential that we understand what truly makes a password strong and secure. This is even more urgent and concerning with so much personal identity information ending up on the dark web.

Kaitlyn, how does all this impact our approach to crafting passwords, and could you provide key tips to ensure our information remains as secure as possible?

00:16

Yes, this is really important. When it comes to creating passwords, it's more than just picking any old combination of letters and numbers. We need to think about what makes a password really strong and safe.

Recently, hackers have become more adept and are leveraging advanced technology to infiltrate various systems. Here at the university, these systems contain valuable data such as research findings, student records, and intellectual property. Hackers use artificial intelligence to exploit weaknesses in security protocols and gain unauthorized access. 

And, as you mentioned, this can also be a big worry personally because our own identity information can end up on the dark web.

So, let's talk about a couple of tips to keep your information safer.

The length of your password is crucial. While a 12-letter password may seem lengthy, it might not be sufficient to deter hackers. Aim for longer passwords, ideally 14 characters or more, for enhanced security. 

Additionally, incorporate symbols like exclamation points or hashtags to add a layer of protection. For instance, a 12-character password using only letters is quickly crackable, but a 14-character password incorporating numbers, symbols, uppercase, and lowercase letters is currently estimated to take millions of years to crack. Integrate a special character within the password itself, such as replacing an A with the @ sign, or a zero for an O.

Be unique. Yes, it is absolutely a security risk to use the same password for all your accounts. Never reuse a password, even if it has been unused for some time. And, I know most of us have done this, but just adding a new number to an old password is not sufficient. 

02:33

Three key ways passwords get hacked are by credential stuffing, dictionary attack and by brute force.

In credential stuffing, an attacker takes login credentials obtained from a breached account and tries the same email and password combination across various accounts and websites. This technique is particularly potent because many individuals reuse passwords, and if one password is leaked in a data breach, it can be exploited across multiple platforms. This is why it is SO important to not reuse the same password.

In the next way, brute-force uses a program to systematically try different combinations of letters, numbers, and symbols at a much faster rate than a human could ever manually attempt. A hacker can test up to 100 billion potential passwords per second. If your password is simple or commonly used, it is likely to get hacked.

Next, and similar to brute-forcing but more intelligent, a dictionary attack checks words from dictionaries, company names, sports teams, and other common terms. This method allows hackers to crack passwords even more rapidly by leveraging known words and phrases.

03:39

Change your passwords at least every six months and consider using a password manager like Keeper or other available options to help encrypt, store, and manage your passwords. More information on password managers is available at the OIT website /securitymatters/training/password_managers.php.

03:51

If you need further assistance, including individualized help, contact the Office of Information Technology (OIT) Security using the provided contact number (907-450-8900) or visit the OIT's website /oit/.


"Compliance Chat" videos are informal conversations where Senior Institutional Compliance Liaison Mary Gower meets with subject matter experts covering frequently asked compliance questions and issues in quick, bite-sized clips.