Password Tips

We strongly encourage you to use different passwords for all of your sensitive information accounts.  For example, use a unique password for your email and online banking accounts.  Using different and unique passwords for each account helps to minimize the impact in the event that an someone gains access to one of your accounts.

Use a variety of numbers, symbols, upper and lower case letters in your password. Using a mixture of up to 12 characters to craft your password creates an extremely large number of potential combinations and makes your password much harder to guess.

While creating your password with a mixture of numbers, symbols, upper and lower cases, don't use personal information.  Pick a random sentence and use the first letter of each word, along with punctuation, as the password.  For example, "Fred And Wilma Like To Have Ham And Eggs For Dinner" would become "F&Wl2hh&e4d.".  Please don't use the example as your password.  Avoid simple passwords like "password1234" or "abcd1234", thieves know people use those passwords and try them first.  It makes their job easier to gain access to your accounts, by using common passwords.

If the website allows you to create your own security questions, try to create a question/answer that can't be answered by searching your Facebook or blogging websites.  If the website provides a list of questions for you to choose from, use a mixture of letters, numbers and symbols in your answer.  This will help protect your answer because the intruder won't know the special combo of characters you used to answer the question.

Another alternative to a conventional password is to use a sentence or phase as a password.  This is a simple way to create a long password that is easy to remember.  The use of sentence or phrase makes it more difficult for an attacker to steal your login information so they can gain access to your BGSU account.  In addition to your BGSU account, the BGSU Information Security Office recommends using this technique on your other personal accounts.

The number one thing not to do is write down your password and store it near your computer or in a location that is not locked.  Whether it be a post it note or a piece of paper taped to the bottom of your keyboard, avoid these common mistakes and secure your passwords.  If you store your passwords in a file on your laptop/computer, encryption software should be used to encrypt the file.  Password managers are also a good option to protect passwords (see more under Other Security Suggestions below).  The more difficult you make it to get your passwords, it increases your odds intruders will move on to an easier target.

Our office strongly encourages you to use Two Factor Authentication protection whenever possible/available.  The process requires you to enter your username and password, but after you submit them you are notified on your mobile phone via a text or phone call.  Once you approve the request, you are granted access to your account.  The multifactor authentication is the latest technology used to protect your account, because it includes something you know (password) and the approval notification on your mobile device.

Currently, the following critical services are protected by Two Factor Authentication:

• MyBGSU Portal
• VPN

In addition to the above services, BGSU users enable Two Factor Authentication for their BGSU email accounts.

For more information on Two Factor Authentication at BGSU, and instructions for enrolling in Two Factor for email, visit www.bgsu.edu/2factor.