Frequently Asked Questions
Passwords and Expiration
The Need For Strong Passwords
Hackers are continually probing for vulnerable accounts, accounts which can then be used as a stepping stone for launching attacks on other accounts or systems. Thus, even if your account doesn't have anything particularly private or sensitive on it, access to your account represents an extremely valuable "foot in the door" to the bad guys. Strong passwords play a key role in helping keep those cyber intruders out.
Why do passwords need to be strong?
One approach hackers use is a so-called "dictionary attack," trying one word after another with the expectation that users at many sites will pick a word in the dictionary for their password. Some particularly determined hackers may use a merged copy of all word lists they can find (whether English words, slang, technical terms, or foreign language words).
Why do passwords need to be so long?
The five-character password I tried was rejected for being too short!
Another approach that hackers take is a so-called brute force attack. They simply try every combination of letters, numbers, and symbols that can be used as a password. The shorter your password, the fewer the combinations they need to check. That's why Darton College insists on a minimum password length, and we suggest using something besides only lower case letters. We need to make sure the bad guys have to try combinations including upper and lower case letters, numbers and special symbols.
Why do I need to periodically change my password? I use that password on all my accounts!
We do indeed make you change your password every 90 days for Windows/Email accounts, and we do so for a number of reasons:
- If you're required to change your password at least every 90 days, someone who's hacked your password and has been accessing your account without your knowledge will immediately be shut out once your password is changed.
- If you change your password at least every 90 days, hackers who may be trying to crack your password using brute force (as described above) basically need to start over because your password may now have been changed to some pattern they've already tried and rejected.
- Forcing a password change also discourages users from using the same password on multiple accounts. (Using the same password on multiple accounts is bad because then your password is only as secure as the least secure of the systems sharing that common password, and if your account does get compromised, the bad guy suddenly has access not just to one account, but to multiple accounts, magnifying the scope of the problem).
Use a FREE Encrypted Password Program to Store Your Passwords
There are several highly regarded FREE programs that you can download from the Internet that will provide you with an exceptionally safe place to store and retrieve your various passwords. By using one of theses, you need only to remember a single password (the master) in order to gain access to all the others. The master is encrypted with 128-bit technology which makes it virtually impossible for a cracker to read.
Password Safe is a free program you can download at:
You may want to put this on a USB device you can keep with you.