The university’s requirements for creative and frequently changing passwords are used to prevent phishing and other information insecurity, an information security engineer said.
Barbara McClellan, information security administrator, said that in the past, many students were phished through their university e-mail account.
Phishing is the criminal activity of attaining private information, such as passwords and user names.
According to the university’s password change website, students are required to change their passwords every 120 days.
McClellan said phishers then used those passwords to send large amounts of spam e-mail in a short time.
“In January, we had 20 people phished, which resulted in over 120,000 spam e-mails being sent from their accounts,” McClellan wrote in an e-mail. “This caused our TCU e-mail system to be temporarily blacklisted from other [third] party e-mail systems such as Yahoo and Gmail until we could fix the accounts.”
According to an article on MSNBC.com titled “Young people dumber about online passwords,” a study by Internet security service company Webroot showed that younger internet users from ages 18 to 29 are more reckless with sharing their passwords than older web users. According to the study, 54 percent of people in this demographic have shared their password with at least one person in the past year.
McClellan said it is very important not to share passwords, not even with close friends or family. They may accidently write them down and forget to throw them away properly. The university offers a way for parents to set up accounts to access their student’s activity for another way of security, she said.
The study said the key to protecting passwords was to develop creative ones that use special characters. Using special characters such as exclamation points, question marks and numbers make it difficult for criminals to predict the password.
For safety and security, the university requires students’ passwords to be at least seven characters long and contain at least one letter, one number and one special character.
The study also said obvious passwords such as significant dates, birth dates or a pet’s name could be publicly visible on social networks and could be easily predicted by others.
Sophomore psychology major Courtney Flores said that when she creates passwords, she tries to stick with general things or activities that have happened recently in her life. She said she thinks of passwords that she won’t forget but won’t be easy enough for anyone to figure out.
Creating lengthy and special character passwords can be annoying and inconvenient, but it helps provide safety and creates difficulty for hackers to predict online passwords, she said.
McClellan said her advice to students when creating passwords for multiple sites is to keep them different from one another.
“Don’t make your Facebook password the same as your e-mail password,” McClellan said. “If one account gets phished, then another account is more likely to become phished.”
