Password Security

Posted: June 30, 2015

Worst. Passwords. Ever. Or at least in 2014. Splash Data, a leading provider of security applications and services compiles an annual list of worst passwords. While Penn State password security policies would forbid these worst passwords maybe it is time to review and maybe reset your password.

The combination of your username and password unlocks the door to your computing environment.  Since we are all linked together, it unlocks one of the doors to the computing environment of every other student, faculty, staff and administrator of the University.  Your username – abc123 - is available to the whole world, free for the asking, and so your password becomes one of the most important components of our network security.  Just like losing the key to the door to the office building puts everyone at risk even if they have individual office doors, so compromising your password puts the system at risk even if each of us has our own password.  Our passwords are one of the most vulnerable components of our network security since they are seen as annoying and frustrating and we all wish to make it simple and easy to remember.

Most passwords at Penn State and in the College of Ag must be changed annually, but you are welcome to change them more often.  There are a number of good sites with tips for creating passwords, including this site at Penn State:

As important as it is to create and use a complex password that is hard to guess or for a computer to crack, it is just as important – maybe more important – to keep the password secure.  Don’t post it to your monitor, don’t paste it to the keyboard and don’t hide it under the mousepad.  And never, under any circumstances, give it to anyone.

The top 10 worst passwords of 2014 as determined by Splash Data from stolen data leaked to the internet?  123456; password; 12345; 12345678 (seeing a pattern yet?); qwerty; 123456789; 1234; baseball; dragon; football.  (