Not-so-secret passwords open doors to information theft

Between Bruin OnLine, MyUCLA, Facebook, online banking and online shopping, students leave the fate of their identity, personal information and finances in the hands of a password.

According to Jackie Reynolds, the director of campus services for administrative and information systems, and Robert Kilgore, the director of operations for MyUCLA, these passwords are often poorly protected and easy to break.

Reynolds explained that a student’s password and login serve as a gateway to personal information, and she advises students to protect their passwords as much as they would protect their personal signature and identity.

“Your login and password is a perfect replica of your signature,” she said.

Both Reynolds and Kilgore stress the importance of never using the same password for all Web site accounts.

“If a hacker is able to break your MyUCLA password, they will start thinking about you as a person and a student.” Kilgore explained. “They will think of the Web sites and banks that you as a student would be using and instantly try all of those,” he said.

Kilgore added that if a student’s ATM PIN is the same as their MyUCLA password, the hacker will have access to one very important piece of information with several uses.

Reynolds said it is essential to create a password that hackers cannot break quickly. Both administrators agree that a password should never be less than six characters or a single word. According to a BruinTech Seminar series, a three-letter password can be broken in merely .02 seconds.

While it is important to create a password that is difficult for hackers to break, Reynolds said students can make a complex password without doing anything too tricky or difficult to remember. She suggests choosing the first letter of every word from the first line of your favorite book or song and then adding in a number or a symbol.

Kilgore explained that birth dates, names of pets, names of parents, anniversaries or anything else that is easy to guess make poor passwords.

On the other hand, a strong password consists of a combination of upper and lower case letters, numbers and at least one special symbol. A password that is six characters and contains each of these elements takes eight days to break.

Kilgore suggests using numbers in place of vowels and exchanging the numeral zero for the letter “O,” and he emphasized the importance of always using special characters. He also advises students to create an easy way to remember a number they can continually use in different forms and variation.

“Pick dates and years that mean something to you, but that no one else will know,” he said.

If it is necessary to write a password down, she suggests not storing it in obvious locations and especially not near a computer.

Kilgore added that writing a password down on a post-it note is extremely dangerous.

“Students who write down their passwords might as well give away the key to their dorm or apartment. You have given (the hackers) everything they need to get in,” he said.

Both Reynolds and Kilgore also advise students to think long and hard before giving their information to friends.

“People in certain moments and times think that they can give their password and login to a friend,” Reynolds said. Sometimes, however, the worst damage can be done by “ex-friends.”

Kilgore simply says students should not give access to anyone.

“A friend today can be an enemy tomorrow,” he said.

Michelle Lee, a second-year biology student, acknowledges that many students simply close Web pages without logging out of their accounts. This allows others to access the same information without any password at all.

“I’m very careful about logging out of all accounts when finished online, especially on public computers,” Lee said.

Reynolds suggests that students take one more step in protecting their identity and personal information by securing computers, cellular phones, PDAs, Blackberries and other such equipment with logon passwords. It is essential for students to secure computers and cellular phones if they store social security numbers, driver license numbers and other such information in those devices.

“You usually don’t know that your password has been stolen until something malicious is done under your name, and this is why it is important to take up-front precautions,” Reynolds said.

Leave a comment

Your email address will not be published. Required fields are marked *