We all understand that passwords are the gateways to areas within our digital lives and that they should never be shared with anyone if we can help it. However, even if we never share our passwords, they remain vulnerable to cyber attack.
Higher ed data is among the most valuable data sold on the black market. The cost of a data security breach in higher ed is around $260 per record, higher than that of other sectors, reported the Ponemon Institute in 2017. Multiply that by your college’s total enrollees (not to mention faculty and staff) this fall and it’s easy to see how quickly costs rise. What’s more, malicious or criminal attacks make up 47 percent of data breaches worldwide.
One thing colleges can do to prevent data breaches is teach students, faculty and staff about how to create strong passwords. Then, encourage them to change their passwords at least once a semester.
One of the reasons why passwords are an easy way in for hackers is that hackers have sophisticated tools to infiltrate your private information. But hackers are opportunistic. They will only attack individuals who present themselves as easy prey. Developing and using weak or easy-to-hack passwords is the quickest way for a cybercriminal to infiltrate and disrupt your students’ or employees’ lives.
One problem is that when we create strong passwords, we sometimes make them too strong for even ourselves to remember. But if passwords are too easy, then hackers can quickly crack them. Here are some interesting statistics on passwords:
- A password of Snagarandomselectionofwordstoputintoacustommadeupphrase will take a hacker 238,378,158,171,207 quadragintillion years to crack using brute force.
- A password of College123 takes about 2 hours to crack.
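The gap between those two passwords comes from the size of the space an attacker has to search. The Python sketch below is an added example, not part of the original article: the guess rate, the five-word list and all function names are assumptions chosen for illustration, so the absolute times it prints will differ from the figures quoted above.

```python
import math
import re
import string

GUESSES_PER_SECOND = 1e10  # assumed attacker speed, chosen for illustration
SECONDS_PER_YEAR = 365.25 * 24 * 3600
# Constructed mini word list standing in for a real cracking dictionary.
COMMON_WORDS = {"college", "password", "welcome", "summer", "spike"}
WORD_DIGITS = re.compile(r"([A-Za-z]+)(\d{1,4})")

def charset_size(password):
    """Alphabet size an exhaustive search must cover for this password."""
    classes = (string.ascii_lowercase, string.ascii_uppercase,
               string.digits, string.punctuation)
    return sum(len(cls) for cls in classes if any(c in cls for c in password))

def brute_force_bits(password):
    """log2 of the exhaustive search space: length * log2(alphabet size)."""
    size = charset_size(password)
    return len(password) * math.log2(size) if size else 0.0

def effective_bits(password):
    """Like brute_force_bits, but a 'Word123' shape is costed as a dictionary guess."""
    m = WORD_DIGITS.fullmatch(password)
    if m and m.group(1).lower() in COMMON_WORDS:
        # words in list * 2 capitalisations * every suffix of that many digits
        return math.log2(len(COMMON_WORDS) * 2 * 10 ** len(m.group(2)))
    return brute_force_bits(password)

def years_to_exhaust(bits):
    """Worst-case years to try every candidate at the assumed guess rate."""
    return 2 ** bits / GUESSES_PER_SECOND / SECONDS_PER_YEAR

if __name__ == "__main__":
    for pw in ("College123",
               "Snagarandomselectionofwordstoputintoacustommadeupphrase",
               "1LikeGr33nEggs&Ham"):
        print(f"{pw[:24]:24} brute={brute_force_bits(pw):6.1f} bits  "
              f"effective={effective_bits(pw):6.1f} bits  "
              f"years={years_to_exhaust(effective_bits(pw)):.3g}")
```

The "effective" column is the one to watch: a common word followed by a few digits collapses to a handful of bits no matter how many character classes it mixes, while each extra character in a long phrase multiplies the search space.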
With any password you create, it is recommended that you base the password on a combination of words or a short phrase. Keep in mind that the longer a password is, the longer it will take a hacker to crack. Below are some tools you can use to make passwords both strong and memorable enough so that you don’t have to look them up each time.
Bruce Schneier's Method:
- Take a sentence or phrase and turn it into a password.
- Take the words from the sentence, then abbreviate and combine them in unique ways to form a password.
- Example: I Like Green Eggs and Ham – 1LikeGr33nEggs&Ham
Mix and Match with Alternating Letters and Numbers:
- Take a word or phrase and mix it with a number you can easily remember.
- Example: Take the dog’s name, Spike, and mix it with the last four digits of your phone number, 3561 – S3p5i6k1e
A good rule of thumb is to change passwords at least twice per year. Also, it’s a good idea to use different passwords for different systems. That way, should a hacker guess one system’s password, they won’t have access to everything you do.
Here is a short list of digital tools to keep in mind:
- Learning Management Systems (LMS)
- Libraries or research sites
- College accounts used by students, faculty, alumni and other employees
- Social media
- Personal email or messaging apps
- News resources, blogs or forums
- Subscription sites (Hulu, Netflix, Spotify, Pandora)
- Retail and other online sites from which to purchase books, event tickets, travel or apparel
Educate Students and Employees to Strengthen Data Security
Be sure to include password protection in your student onboarding process. Educate your employees on the importance of password protection and don’t rely too heavily on automated prompts to change a password. Not all applications and systems require it. In this way, your college can close the gaps that hackers try to slip through.
Contributor: Special thanks to Mark Relf, manager of information security with Collegis Education, for his help in researching and writing this article.
 Ponemon Institute: “2017 Cost of Data Breach Study” June 2017, p. 13.
 Ponemon Institute: “2017 Cost of Data Breach Study” June 2017, p. 14.