Passwords
One of the most common ways hackers gain access to personal information is by cracking passwords. New tools allow attackers to test substantial amounts of password “guesses” on thousands of computers, and it only takes one correct attempt to cause irreparable damage.
Your online accounts – including your GatorLink – hold a plethora of personal information that could allow hackers access to your files, money, or identity, as well as those of your school or employer! Even seemingly inconsequential information can be dangerous in the wrong hands; social engineers can weaponize small details about an individual by using that information for impersonation, thereby gaining access to much more sensitive information.
The first step in protecting yourself from these attacks is following sound password practices. Read on to learn more about the best ways to set and enhance your passwords.
Need to update your GatorLink password? Visit the GatorLink Account Management Portal.
Setting Strong Passwords
There are two main categories of passwords to consider: traditional and passphrases. Both can sufficiently protect your accounts when configured correctly.
Traditional Passwords
The table below shows the estimated time it would take an attacker to guess your password, based upon it’s length and composition. As shown, longer and more complex passwords are strongest.
| Number of Characters | Numbers Only | Lowercase Letters | Upper and Lowercase Letters | Numbers, Upper and Lowercase Letters | Numbers, Upper and Lowercase Letters, Symbols |
|---|---|---|---|---|---|
| 4 | Instantly | Instantly | Instantly | Instantly | Instantly |
| 5 | Instantly | Instantly | Instantly | Instantly | Instantly |
| 6 | Instantly | Instantly | Instantly | 1 sec | 5 sec |
| 7 | Instantly | Instantly | 25 sec | 1 min | 6 min |
| 8 | Instantly | 5 sec | 22 min | 1 hour | 8 hours |
| 9 | Instantly | 2 min | 19 hours | 3 days | 3 weeks |
| 10 | Instantly | 58 min | 1 month | 7 months | 5 years |
| 11 | 2 sec | 1 day | 5 years | 41 years | 400 years |
| 12 | 25 sec | 2 weeks | 300 years | 2k years | 34k years |
| 13 | 4 min | 1 year | 16k years | 100k years | 2m years |
| 14 | 41 min | 51 years | 800m years | 9m years | 200m years |
| 15 | 6 hours | 1k years | 43m years | 600m years | 15bn years |
| 16 | 2 days | 34k years | 2bn years | 37bn years | 1tn years |
| 17 | 4 weeks | 800k years | 100bn years | 2tn years | 93tn years |
| 18 | 9 months | 23m years | 61tn years | 100tn years | 7qd years |
- All passwords must contain at least 8 characters, though using 14 or more will make your password hack-resistant
- Do not contain words found in a dictionary, or the name of any character, person, product, organization, or media
- Combine uppercase letters, lowercase letters, numbers, and symbols
- Avoid common substitutions of letters (such as 0 for o, or $ for S), as password crackers know and frequently guess such replacements
- Make them significantly different than your other passwords
- Mix up the order; do not put all the symbols and numbers at the end of the password
- Do not contain anything easily associated with you including:
- Name
- Birthday
- Address
- Username/ID number
- Phone number
- Names and birthdays of relatives and friends
- Names of your pets
- Any other information that could be easily found about you, such as what you have posted on your social media accounts
A good idea for creating strong passwords is to combine a letter (or a few letters) from each word of a memorable phrase. For instance:
- Phrase: His father drove a green 1975 Ford Maverick
Password: HFDaG1975Fd-Mvk
- Phrase: Jack and Jill have two orange tabby cats named Whiskers and Tuna.
Password: J&Jh2OTcnWs&Ta
Passphrases
Pick four random words,
That's a strong password.
GatorLink accounts can use such passphrases, but not all external websites support them just yet. Additionally, note that the sample above is not completely random and should not be used as a password.
- Make them difficult to guess, even by someone you know
- Choose at least 4 words for your passphrase
- To make your passphrase extremely secure, use at least 6 words
- Do not worry about the character count of your passphrase, what matters is word count & randomness
- Make sure the words you choose are sufficiently random and unrelated to each other
- “TheDogGoesWoof” is a weak passphrase
- “SparkleShimmerShineDiamond” is also a weak passphrase
- Make them easy for you to remember
- Include uncommon words in your passphrase
- For added security, insert a character or number between two of the words
- Consider using the Diceware word list (see the Using Diceware section) to create truly random combinations of words
Storing Passwords
Once you have created a strong and unique password, safely storing it is critical. Below are some tips and solutions for the safe storage of your passwords:
It is important to note that UF policy forbids any digital storage of passwords used for UF business, including GatorLink passwords.
Short Video Explaining Strong Passwords
Next Steps
Setting up a strong password is a great first step in securing your accounts. However, it is not the only step you can take! If you are reading this, you are likely familiar with Multi-Factor Authentication (MFA) with Duo Mobile. UF requires MFA because it helps protect your GatorLink account from phishing emails, password cracking, and other cyber-attacks.
A good idea may be to enable similar MFA methods on your other accounts, including your personal email, bank, and social media accounts. Doing so adds an additional layer of protection. Brainstation has an in-depth guide on using MFA, and the 2FA Directory publishes a list of popular services that support MFA, with links on how to enable each.
For a general guide, check out the brief video below for a tutorial on the process of enabling MFA on your personal accounts:
Configuring MFA on your personal accounts can be a critical choice in protecting your accounts from compromise. It will require some extra effort compared to a password-only login, but in today’s evolving cybersecurity landscape, that effort can make all the difference in protecting your identity, financial information, and even your image.