Internet security

By Harry Pontiff

When I arrived at Macalester nearly 3 years ago as Macalester’s first Information Security Officer, my initial impression was dominated by the maturity and responsibility of the entire Macalester community—particularly the students. This maturity also soon explained why Macalester finds persuasion and education to be a more effective philosophy for providing guidance and directives (what most organizations call “policy mandates”) for all kinds of institutional activities. October is National Cyber Security Awareness Month. This initiative is part of a non-profit public-private partnership focused on cyber security awareness and education for all digital citizens. In the spirit of the maturity described above, over the next few weeks we will be providing basic tips for providing a safe computing environment that protects your sensitive information, including proprietary research, financial records, grades and personally identifiable information. Watch for these tips in this space and in the Daily Piper. This year’s theme, “Our Shared Responsibility,” reflects the notion that no one person, department, or college is responsible for the security of the Internet; everyone must do their part. The first tip for this month is use a passphrase instead of a password for better security. Current research suggests that, in terms of providing security, a password’s length far outweighs other factors, including complexity and frequency of change. Using a passphrase instead of a single password has been found both more secure and easier to remember. This is because passphrases use ordinary words, provided they are random enough to foil simple guessing. This is also what provides the length. A passphrase such as “battery-staple-Burma-correct” would be easy to remember and with 28 characters, plenty long and therefore strong.

Spaces are not allowed because of technical limitations. Passphrases should be between 15 and 30 characters long. Any of the following special characters can be used: % * + – : ? _

See the ITS Safe Computing Website for more information:
refresh –>