Welcome to the Data Management video series from the University of Wisconsin Data Services. I'm Kristen Reidy, the Data Services Librarian here at UW Milwaukee. In this video, I'm really excited about it because we're going to be talking about passwords. And you might be wondering why passwords have anything to do with data management. But really, data management is about keeping your data safe. And basic computer security keeps your computer safe, thus keeps your data safe. So passwords are part of that. Passwords are a way to prevent unauthorized access to your content. And thus, your data is safer.

So we're going to be talking a little bit about passwords and what makes a good password. But we need to take a step back first and talk about the ways that people can get access to your passwords. Because that really informs what your password should look like. So there's a few ways that people can get access to your password. The first is you just give it to them. And this can happen by giving your password to a friend, or you can fall victim to a phishing attack, or however they get your password, they now have it. So the first rule of passwords is under no circumstances should you share your password. It's yours, you should keep your information safe, don't share your password.

The other two ways that people can access your password are through guessing and brute force attack. So the first, guessing, is when someone looks through a list of the most common passwords and says, I'm going to trial these until I guess the password, because probability says your password might just be password, which it shouldn't be. Brute force attack, on the other hand, takes a computer and it goes through, and it goes through systematically and tries all the variations until it stumbles upon your password. So really, you need a password that is not obvious, that will stand up to guessing, and also is complex, so it'll stand up to brute force attack.
So how do we actually make passwords that do that? So I told you at the beginning of the video that I'm excited about passwords, I find them really interesting, and you might be admiring my dress a little bit, or you should be because this is my bad password dress. I bought this fabric online, it was created by a security researcher, and she looked at the passwords from a recent website hack and did a word cloud. So the bigger the word, the more common the password. So she was looking at obvious passwords. So you can see passwords like 123456789 and password, princess, I love you. Other examples are monkey, Superman, QWERTY, ABC123, things like that are really commonly used as passwords, and therefore you shouldn't be using them as a password because they're easily guessed.

So really trying to avoid passwords that are commonly used and easy to guess, but you should also avoid passwords that are easy to guess if somebody knows a little bit about you. So for example, you should avoid a password that is your username, your birthday, your significant other's first name, your pet's name, your favorite sports team, things like that. So if I know a little bit about you, I'm going to guess that your password is X based upon what I know you like. So really when I say non-obvious passwords, I mean passwords that everybody isn't using, passwords that wouldn't be obvious for you. So really try to come up with a password that is non-obvious.

The second criterion for a good password is complexity. So complexity means it needs to be of a certain length and have a certain number of character types in your password. So for current computational ability, we're looking for passwords that have at least eight characters or more. So that longer character length is going to protect your password against computers randomly trying out a bunch of passwords. The complexity in the character types means you should have uppercase letters, lowercase letters, symbols, and numbers.
So the more types of characters you have, the more complex your character is, your password is, the more difficult it is for a computer to stumble upon it. Realize there is a little bit of trade-off. So if you have an eight-character password, you really should be using all four character types. If you have a 20-character or 25-character password, you can use all lowercase letters. So what you lose in complexity in character type, you make up for complexity in length. So really you have some variation there, but really looking for a complex password.

So with these parameters, how do you actually come up with a good password? Something that you'll remember. So there's a few strategies I can recommend. The first is to string a few words together. So a single word in the dictionary is not good because it's susceptible to a dictionary attack. So you just try a bunch of words that are words and can guess a password. So let's say we'll string three words together and then we can throw in a couple characters of symbols and numbers and whatever until you come up with a more complex password. So that is one method.

Another method that doesn't fall victim to the dictionary attack is to come up with a fake word, a nice long fake word that you can pronounce which helps you remember it, but is not going to be in the dictionary and people aren't going to necessarily try as their first bet for your password.

A third strategy is to abbreviate a phrase. So let's take, it's the end of the world as we know it. And let's take the first letter in each word and let's see, we'll capitalize every other letter and throw an exclamation point on the end. It's a pretty decent password and something that you can remember. So those are a few strategies for coming up with a password that is complex and non-obvious.
Do realize that it's actually recommended to have different passwords on different sites, but you can use what's called a password manager and these are becoming more common and they're a place to store all of your passwords and put them behind a password itself, another password to keep your password secure. It's not like writing down your password on a piece of paper which can be lost or stolen. So password managers protect your passwords and are password protected themselves. So just another tool in your arsenal to avoid using the same password on multiple sites because if one site's hacked you can use your credentials again on a different site and then all of your information is compromised.

So with that I want to recommend again that you don't share your passwords, that's the first rule of passwords, but also I hope you go out and use this information to create non-obvious passwords and complex passwords and really do good things with your computer security to protect your data.
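An added example, not part of the video: a short Python sketch of the checks the talk describes (common-password list, personal details, the eight-character minimum, and the trade-off between length and character types) plus the phrase-abbreviation strategy. The function names, the sample passwords, and the choice to capitalize starting with the first letter are assumptions made for illustration.

```python
import math
import string

# Constructed sample list, built from the common passwords named in the talk.
COMMON = {"123456789", "password", "princess", "iloveyou",
          "monkey", "superman", "qwerty", "abc123"}

# The four character types the talk lists.
CLASSES = {
    "lower": string.ascii_lowercase,
    "upper": string.ascii_uppercase,
    "digit": string.digits,
    "symbol": string.punctuation,
}

def search_space_bits(password):
    """log2 of the candidates a brute-force search over the used character
    types must cover. This is an upper bound that assumes random characters;
    dictionary words and common passwords fall much sooner."""
    pool = sum(len(chars) for chars in CLASSES.values()
               if any(c in chars for c in password))
    return len(password) * math.log2(pool) if pool else 0.0

def review(password, personal=()):
    """Return (problems, brute-force bits) using the talk's criteria."""
    problems = []
    lowered = password.lower()
    if lowered in COMMON:
        problems.append("commonly used")
    if any(p and p.lower() in lowered for p in personal):
        problems.append("contains personal detail")
    if len(password) < 8:
        problems.append("shorter than 8 characters")
    return problems, round(search_space_bits(password), 1)

def abbreviate(phrase):
    """Third strategy: first letter of each word, capitalize every other
    letter (assumed to start with the first), add an exclamation point."""
    letters = [word[0] for word in phrase.split()]
    mixed = (c.upper() if i % 2 == 0 else c.lower()
             for i, c in enumerate(letters))
    return "".join(mixed) + "!"

if __name__ == "__main__":
    # Constructed samples: 8 characters with all four types vs 20 lowercase.
    for sample in ("Tr7#mQ9!", "qzvmwkdnrubtyjhxalpe", "Password"):
        print(sample, review(sample))
    print(abbreviate("It's the end of the world as we know it"))
```

Running it shows the trade-off in numbers: the 20-character all-lowercase sample covers a larger brute-force search space than the 8-character sample that uses all four character types.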