PASSWORDS MADE EASY
The objective of creating a strong password is to make it difficult for cybercriminals to identify it, whether it be educated guesses or automated attacks using software tools. Further increase your security by having a unique password for each account.
Strong Passwords Contain:
- 8 or more characters (longer passwords are stronger).
- At least one upper case letter.
- At least one number.
- At least one special character (#, -, %, _, @).
- Not contain common words found in the dictionary.
- Not use predictable patterns or personal information.
- Be unique for each account so that if one of your accounts is compromised, the rest will still be secure.
Weak Passwords Contain:
- A word that is found in the dictionary.
- The user's account name or part of their account name that exceeds two characters in length.
- The user's full name or part of their full name that exceeds two characters in length.
- Information about the user that is easy to uncover such as a pet's name, phone number, address, birthday, anniversary, child's name, etc.
Remember your MyMRU password is also used to access Gmail and Blackboard and login to your computer.
Create a Strong Password
The strongest passwords are random and only make sense to the user. Use the following methods to generate a strong password:
Create a Passphrase:
Come up with a phrase that is at least 10 characters long.
Replace the spaces with special characters.
Capitalize at least one letter.
Replace one or more letters with a number or add numbers. The goal is to make sure none of the words can be found in the dictionary.
I like black tea
i#like#black#tea
I#likE#blacK#teA
l#lik9E#blac9K#te9A
Take the Letters from a Passphrase
Come up with a phrase that has at least 8 words.
Capitalize at least one letter.
Add numbers or replace letters with numbers.
Add special characters or replace letters with special characters.
the black dog ran after the black cat = tbdratbc
tbDratbC
1bDra1bC
#1bDra1bC%
TWO-STEP VERIFICATION
Two-Step Verification requires your password and an additional verification code or a response to a message that is sent to your phone to log in. Once it is enabled, correctly entering your password sends a single-use code or a message to your phone. You must either tap yes to the notification or enter the code before you can access the account.
Note: If you receive an unexpected text requesting a response, your account password has been compromised.
Use Two-Step Verification
Some accounts like Gmail, Facebook, and Yahoo offer Two-Step Verification to their users. There are two advantages to Two-Step Verification:
- Even if your password is compromised, cybercriminals cannot gain access to your account.
- If your password is compromised, you will know immediately when you receive the verification code or notification.
Use Two-Step verification whenever it is available. Refer to the Two-Step Verification Using Google Chrome section in this document to learn how to enable it on your @mtroyal.ca Google account.
Protect Passcodes and Accounts
There is no valid reason to give anyone complete access to your account. If someone needs access to your email, files or an application IT Services can give them access without your password being compromised.
If you are currently sharing your password, please stop and contact the Service Desk. Let them know what your colleague needs access to and why. They will be happy to come up with a solution that allows access but maintains the security of the network and your data.
Passwords should be stored securely in a locked drawer or cabinet. A password manager such as KeePass 2.0 can also be used.
Store Passwords
If you are having difficulty remembering multiple passwords, use a password manager like KeePass. The KeePass software can be accessed on every workstation at Mount Royal University and can be used to generate and store passwords.
All data in KeePass is encrypted and unreadable without the master password. Even if the program is compromised, the information inaccessible without the master password.
KeePass can also be downloaded and installed for free on your personal computer or at home by visiting the site: https://keepass.info
USING KEEPASS
One of the keys to keeping data safe is to have a different password for each application and website that you use. However, it can be difficult to remember all those usernames and passwords.
KeePass is a password storage tool. It works by creating a database which stores all your username and password information for easy retrieval. Because they are stored, you do not have to remember them allowing you to create passwords which are very strong and making it easier to have a different one for each application or website.
KeePass is located on every computer at Mount Royal and can be found by clicking the Start icon and then selecting All Programs.
Step 1: Create a Composite Master Key
Before you can use KeePass you need to create a Master Key. The only two passwords you will have to remember is your password to login to your workstation and the Master Key. All the rest can be stored in KeePass.
- Open KeePass The Create Composite Master Key dialog box appears.
- Enter a password in the Master password field. The Estimated quality bar indicates password strength.
- In the Repeat password field, re-enter the password.
- Click OK
Step 2: Create a Password Database
Once you have created a Master Password, you need to create a database to store your passwords in.
- Click the New button on the toolbar. The Save as dialog box appears.
- In the Filename field, enter a name for the database file.
- Select a location for the file.
- Click Save.
- In the Database name field, enter a name for the database.
- Click OK. The dialog box closes, and the database window appears with two sample entries.
Step 3: Add Entries
Create individual entries for each password you use.
- Click Add Entry.
- In the Title field, enter a title for the entry.
- In the User name field, enter a username.
- In the Password field, enter a password.
- In the Repeat field, reenter the password.
- Click OK.
Note: Make note of where the file is saved and the filename. This is the file you will need to access your passwords.
Step 4: Edit Entries
Once you have created a Password Database, you may have to edit entries after changing login information.
- Right click on an entry.
- Select Edit/View Entry.
- Make your changes.
- Click OK.
Note: To delete an entry, press the delete key on the keyboard and confirm.
Logging in Made Easier
KeePass makes logging in easier. You can either, copy and paste the password stored in KeePass or you can use Auto-Type. If you copy and paste the password, the password stays in the clipboard only for about 12 seconds. After 12 seconds it is deleted, and you have to recopy it.
ENABLE AUTOTYPE
How to Enable Auto-Type in KeePass
Autotype in KeePass automatically enters your username and password to login.
- Open KeePass.
- Go to the page you want to login to.
- Click in the Username field.
- Press CTRL + ALT + A on the keyboard. KeePass logs you in.
USING A PORTABLE VERSION
Creating a Portable Version & Synchronization
If you are using KeePass on multiple devices and would like to keep all you. Creating a Portable Version and Synchronization.
- Find KeePass Database files.
- Copy these files to a portable drive.
- Create the new portable database using the same master key.
- Synchronize data base
