The Information Security Office recommends creating strong, unique passwords for each site or online service you use. While considered a best practice beyond just Rice, this is challenging to do - the average person would have to remember (or write down) dozens of username and password combinations.
Instead, many simply "reuse" existing passwords, increasing their risk of loss. A password compromised at Yahoo can be used on Facebook, for example, if they use the same password.
For this reason, the Rice Information Security Office recommends the use of a password manager. Password managers are applications designed to make managing all of these passwords much simpler. You only need to remember one - the password that unlocks the password application's database. These tools often integrate with your favorite mobile devices and web browsers, automating password creation for new sites and logging in to existing ones.
The secure password databases can also be automatically synchronized across devices and browsers. These password managers also support enhanced security, including "multifactor authentication (MFA)" technology like secure tokens, text/SMS codes, and TouchID on iPhones and iPads.
There are several password manager applications to choose from. Popular examples are 1Password, BitWarden, DashLane, RoboForm, and Enpass:
- 1Password (https://1password.com)
- BitWarden (https://www.bitwarden.com)
- DashLane (https://www.dashlane.com)
- RoboForm (https://www.roboform.com)
- Enpass (https://www.enpass.io)
The Rice Information Security Office also recommends using a password manager for home and personal use. Many password managers allow you to sync passwords across all of your devices.
Without a password manager
We recommend changing your passwords to passphrases.
The longer they are, the stronger they are.
For example, "adoglikesacat" (a passphrase) is stronger than "!password3" (a password) and is also easier to remember. If you have any questions about passphrases or keeping your accounts safe, please reach out to us at security@rice.edu.