Penn Computing

Penn Computing

Computing Menu Computing A-Z
Computing Home Information Systems & Computing Penn

 

Monday, November 24, 2014

 
  New Resources
Travel Tips for Data Security
Free Security/Privacy Training Resources
Penn+Box
Two-step verification
Combating Malware
SafeDNS
Phishing Archive
Cloud Computing and Data Outsourcing
Best Practices for Applications with Confidential University Data
 
  Security "Greatest Hits"
Managing Passwords
E-mail Harassment & Forgery
Hoaxes, frauds & scams
Spam
Phishing
Wireless Networking
Encryption & digital signatures
 
  Best Practices
Secure desktop computing
Secure servers
Secure data deletion
Securing printers
Tips for safe computing
Computing policies
 
  More in-depth information for
Local support providers
System administrators
 
  Security initiatives
Critical host compliance
Authentication & authorization
Penn Security & Privacy Assessment (SPIA)
Security Liaisons (Restricted Access)
Secure Share
Secure Space
Vulnerability Scanner
 
  Related links
Electronic privacy
PennKey
Viruses
Worms, trojans, backdoors

One Step Ahead: Almanac Security Tips

In each issue, Penn's Journal of Record, The Almanac publishes helpful tips and hints for dealing with information security and privacy matters. This page is a collection of all those published thus far.
New! You can now receive new One-Step-Ahead Security and Privacy Tips automatically!
You can subscribe via Email or RSS.


Table of Contents

Tuesday, December 7, 2010 - Almanac Vol. 57, No. 14

Longer, More Complex Passwords = Stronger Passwords: Do the Math!

By "more complex," we simply mean incorporating special non-alphanumeric characters such as @, #, &, +, % and others into your passwords whenever possible. Many of these are simply the shift characters along the top row of your keyboard. "Longer," of course, speaks for itself. Did you know that by simply expanding your password from 8 to 12 (or more) characters and using special characters in addition to alphanumerics (A-Z, a-z, 0-9), you raise the difficulty in cracking that password by a factor of more than one hundred million?

Of course, if you base your password on standard dictionary words (including proper nouns), buzzwords, catchphrases, slang, etc., you give crackers leverage which can greatly reduce the "safety in numbers" that added length and complexity afford. In short, the more random your password appears to be, the less susceptible it is to the educated guesses that crackers program into their cracking dictionaries.

To help provide this randomness, experts continue to recommend that you select your password by thinking of a sentence that has meaning only to you—it can even be nonsensical, as in the well-known example "Orange elephants invade Alaska; film at eleven." To construct your password, take the first letter from each word (maintaining case): OeiAfae. This is pretty strong, but not strong enough. Now, use special characters, digits, punctuation—and even a postal code—to add complexity: OeiAK;f@11:00. Now that's a strong password! Yet, it's still pretty easy to remember. (P.S. —"Orange elephants" is a well-known example, so don't use it for your password.)

Remember, though, even the strongest passwords are worthless if you give them away and/or write them down where people can see them (or will know where to look for them).

Heartbleed OpenSSL Vulnerability
Security and Privacy Tips for World Travelers
Filing Taxes Online This Year? Take Steps to Protect Your Information!
If your computer runs Windows XP, you must update it now!
Why Should You Report Security Incidents? And How Do You Report One?
Photo and Video Privacy Issues
The Password is Dead, Long Live the Password!
Data Privacy Month: NSA Surveillance Panel at the National Constitution Center
Protecting Your Finances During This Year’s Holiday Shopping Season
Beware of Phishing E-mails in the Wake of Typhoon Haiyan
No E-mail from Penn Will Ask For Your Username/Password or SSN
The Children's Online Privacy Protection Act: Does It Apply to Your Website?
October: National Cyber Security Awareness Month; Free Secure Disposal of Paper and Electronics
What Basic Rules Protect Student Information at Penn? (September 2013)
Protecting Privacy and Security on Penn + Box
Security Starts With You
New Regulatory Changes: Do They Apply to Your Area?
Protecting Yourself from Rogue AntiVirus Warning Scams
Security and Privacy Tips for World Travelers
Handling Documents and Data of Faculty and Staff Who Have Left Penn
Spring Cleaning Your Office? Know What to Do with E-Waste
Keep Your Identity Safe When Filing Taxes This Year
Why use Penn+Box when Storing Data in the Cloud
Mobile Device Security - 3 Recommendations for Cloud Users (Hint: That's You!)
Be Aware of QR Code Risks
It’s Data Privacy Month: Update Your Facebook Privacy Settings and More
How Are You Celebrating Data Privacy Month?
Stay Secure while Working on Public Wi-Fi Networks
Protecting Your Finances During This Year's Holiday Shopping Season
Cloud and You
Security and Privacy Online Training & Tools
October: Free Secure Disposal of Paper and Electronics at Employee Resource Fair; NCSAM
Student Privacy - What Do I Need To Know? A FERPA Reminder
Top 10 Tips for Securing Your Smartphone or Tablet
Working Off Campus? Some Tips to Consider
Not all wireless is created equal
The Virtue of Transparency
Keeping Data Safe on Mobile Devices
Keeping Data Safe on Mobile Devices
Tax Season Tip: Be careful where - and how - you buy tax software
Travel and Identity Theft - An Unfortunate Connection
Fun, Free Online Privacy and Security Resources
The Best Way to Protect Data is Not to Have It
How Are You Celebrating Data Privacy Day?
Strategies and Services to Insure Against Data Loss
As the Semester Ends, Know the Basics about Student Records
Is it Okay to Outsource Penn Data?
Vulnerabilities of Smart Phones
Protecting Information on Your Smartphone
Spread the Word: Collect Personal Documents and Computer Hard Drives for Free Shredding
Free Online Computer Security Training for Penn Faculty and Staff
Top 10's on Security and Privacy
Working From Off Campus
Perfecting PennKey Passwords
Increase in Spear Phishing Attacks Expected: Know the Do's and Don'ts
How are YOU remembering your passwords?
These Readers Are Not Fortune Tellers, They Are Fortune Stealers
Website Privacy Statements—More Important Than Ever
Know What to do if a Computer Security Incident Happens to You
Facebook Privacy Tips: Customize Button, Friends Lists
Tips to Help Defend Against Phishing
E-Mail Tips
Longer, More Complex Passwords = Stronger Passwords: Do the Math!
Shipping Data Safely
Beware of Malicious Invitations
Spread the Word: Collect Personal Documents and Computer Hard Drives for Free Shredding
Protecting Home Computers
Fake Anti-Virus Alerts a Common Web Threat
Warning: Your Printer & Copier May Store Your Confidential Data
ID Theft: A Growth Industry
Make Sure Your PennKey Password Meets Current Rules
Penn's Privacy and Security Awareness E-Learning Module: Helping You Protect Yourself & Penn
Smart Steps when Accessing Your W-2 Online
Spyware: Who's "watching" you - and why?
Secure Remote Solutions
An Ounce of Prevention is Worth A Lot
Search Engines: Raising the Stakes
You Can't Lose Data That You Don't Have
Password Cracking: The Pot of Gold at the End of the Rainbow
PennKey Opens Many Doors: Keep it Safe
Software Piracy
Collect Personal Documents and Computer Hard Drives for Free Shredding at the Employee Resource Fair
Don’t Use Excessive Privileges on Your Computer
Do You Google? Know How to Protect Your Privacy
Online Statements and Bill Payments: Safer Than Paper?
Updated Purchase Order Terms and Conditions Regarding Information Privacy & Security
Sanitize Word, Excel, and PowerPoint Docs Before Publishing
Exchange Sensitive Data Securely Using Secure Share
Facebook Sharing Can Be Broader than You Think: A Birthday Example
Managing Facebook's Privacy Settings for Safe Use
Be Careful with Facebook Apps
ID Theft: Are You Worrying About the Right Things?
What's the Half-life of an SSN?
Smart Steps When Accessing Your W-2 Online
IRS Warning: Tax Season Scams
Instant Messaging and Penn"s Jabber Service
E-mail Headers: Getting the Full Story
Reminder: Stay Vigilant About Identity Theft!
Credit Card Theft: "Skimming"
Avoid Phishing E-mails: Here's How
Beware of Phishing Scams Tied to Changes in the Financial Marketplace
Holiday Shopping, Credit Cards and Credit Reports: "Free" Isn't Always Free
Hackers and Identity Thieves Cash in On Current Events
A Reminder About Free Wireless Networks
Beyond Passwords: Strong Authentication
New Online Training: Information Privacy and Security at Penn
Filesharing Lawsuits: Not Just for Students Anymore
New List of Privacy and Security Resources
Several Types of Risks in Email
Don't Save Passwords In Browsers
Conducting an Online Survey? Be Sure You Know Who Can Access the Results
Computrace Best Practices
No E-mail from Penn Will Ask For Your Username/Password
Information Security and Privacy at Penn--2008 Year in Review
Legal Requests for Penns Electronic Records
Checking Out Hoaxes, Frauds and Spam for Yourself
Removing Your Name from Solicitation Mailing Lists
New Policy: Managing and Protecting PDA
Secure Deletion of Sensitive Information
SSN Policy Reminder–Comply, or Have Compliance Plan, by May 1, 2008
IRS Warning: Tax Season Scams
Converting SSN to PennID
Risks of End User Software Development
Strategies to Reduce Your Risk of Identity Theft
A Privacy-Sensitive Environment: A Little Awareness Goes a Long Way
Quality Assure: Who is Getting Your E-Mail
Cyberbullying–A Growing Threat to Your Children
Know What To Do if A Computer Security Incident Happens to You
Backing Up Data Regularly
Be Careful About “Free” Wireless Networks
Disappoint Dumpster Divers and Hackers -- Shred or Delete Unneeded Sensitive Data
Electronic Group Mailing Lists: Consider the Privacy Risks
Asking Your Web Browser to “Remember” You: A Dangerous Idea
Facebook, MySpace and YouTube Raise New Computer Security Risks
Is it Safe to Visit This Website?
The Right Thing to Do When You Think Something is Wrong
Password, Passwords Everywhere
Personalized Email Scams
Older Computers at Higher Risk for Security Breaches
Handling Documents and Data of Faculty and Staff Who Have Left Penn
“Phishing” and “Domain Tasting”
Working at Home and Other Remote Locations: Recognize the Data Privacy and Security Risks
Computer Worm’s Many Disguises
Website Privacy Statements
Your Life Online
Peer-to-Peer File-Sharing Software and Identity Theft
Legal Requirements for Penn Data
Bogus Warnings About Viruses and Spyware
Spoofed PennKey Sites Can Steal Your Password
SSN Cleanup Tools: Use Them and Protect the Penn Community
Cleaning Up Home Computers
Run A Security/Privacy Check On New and Ugraded Systems and Applications
When Is a PC File Truly Deleted?
Resetting Your PennKey Password
Securing Your Home Wireless Network
Want More Control Over Info? Look For Opportunities
Secure Web Browsing: Three Important Signs
Securing Data On Your Handheld Computer
Unprotected Computers Can Be "Stashes" For Illegal Material
New Back-IT-Up Service For Secure Backups
Wipe Cell Phones and Other Wireless Devices Securely Before Disposal
Student Records: Knowing the Basics
Phishing: eBay and Pay Pal
What Keeps You Up At Night?
Worried About Identity Theft? Ways To Monitor Your Credit Report
Security Patches/Updates: Usually Automatic, But Restart Weekly To Be Sure
Working From Home and the Data You Work With
Beware of Social Engineers
About Keystroke Loggers
Who Has Access To Systems?...Think About It!
Carelessness With Consequences
Find Out If Google Got Your Data - Before the Bad Guys Do
Keep Your Private Data from Showing Up On Google
The Panoptic Web
The Best Way to Protect Data Is Not to Have It
Security and Working At Home
Create Strong, Uncrackable Passwords to Foil Hackers
Your PennKey and All the Reasons to Keep It Private
Managing Passwords
Welcome back to One Step Ahead
Don’t Keep Email Around Too Long
Google Desktop: A Security and Privacy Risk
Laptop Theft
Do Not Download Sensitive Data Unless You Absolutely Have To
Spam Filtering
To Stay Secure, Keep Your Software Current
Don’t Save Passwords in Your Web Browser
Make Your Home Wireless Network Secure
Privacy of Student Records
Links Can Be Deceiving
Does Your E-mail Sometimes Smell "Phishy"?
Your Life Online
Remove Data Before Discarding Old Computers
How Secure Is Instant Messaging?
Privacy of Social Security Numbers
How Hackers Use Password Dictionaries
Beware of Dangerous Free Software
Has Your Document Sprung A Leak?
top

Information Systems and Computing
University of Pennsylvania
Comments & Questions


Penn Computing University of Pennsylvania
Information Systems and Computing, University of Pennsylvania