Home

GEB 3213 Persuasive Writing Exercise

Writing in Business

 

Persuading People to Use Better Passwords

Your computer system requires each employee to change his or her password every three months. But many people choose passwords that are easy to guess. According to Deloitte & Touche’s fraud unit, the ten most commonly used passwords are:
(1) the employee’s name or child’s name,
(2) “secret,”
(3) stress-related words (“deadline,” “work”),
(4) sports teams or terms,
(5) “payday,”
(6) “bonkers,”
(7) the current season (“autumn,” “spring”),
(8) the employee’s ethnic group,
(9) repeated characters (“AAAAA”), and
(10) obscenities and sexual terms
(“Hackers’ Delight,” BusinessWeek, February 10, 1997, 4).

As Director of Management Information Systems (MIS), you want employees to choose passwords that hackers can’t guess based on knowing an employee's background. The best passwords contain numbers as well as letters, use more characters (at least five; eight possible), and aren’t real words.

To compare policies, you take a look at the local University's policy to see what their password management is like. The following is what you find under their FAQ page for password questions.

"A strong password is one that is difficult to obtain, guess, or determine. It is at least eight characters long and contains a combination of uppercase letters, lowercase letters, numbers, and punctuation. Your GatorLink password must contain at least three of those four elements and it cannot contain any words found in a dictionary.

Useful Strategies and Tips:

* The longer the password, the better.
* One way to make a password is to invent a phrase and use the first letter of each word to make an acronym, and then replace some letters with numbers or punctuation.
* Another way to make a password is to use 2 or 3 words or a short phrase but replace the vowels or specific letters with numbers or punctuation.

What not to do:

* Do not use your mother's maiden name, your GatorLink username, or anything obviously related to you–in any form (initials, reversed, doubled).
* Do not make minor changes to your current password.
* Do not use a given password example seen elsewhere."

What is the GatorLink Password Management policy?
As of 5 May 2004, any new password created must:

* Be at least eight characters long.
* Cannot contain any word found in a dictionary.
* Contain three out of these four elements –– uppercase letters, lowercase letters, numbers, and punctuation/special characters.

The policy document is available on-line at http://www.it.ufl.edu/policies/passwords.html

Why is a new policy necessary?
The University of Florida is committed to a secure information technology environment in support of its missions. With the implementation of new integrated, real-time computer systems and single sign-on accessibility via the myUFL portal, the need for a strong password policy is greater than ever. Chief among them are:

* The work you access with your GatorLink username and password is important, often mission-critical, and involves sensitive or private data about students, faculty, and staff. Protecting your password helps ensure this work is secured.
* The number of computer attacks (hacking) and the proliferation of computer viruses are a constant threat. Protecting your GatorLink account from unauthorized access helps keep UF computers and computer networks safe.

After thinking about they ways UF presented this information, write an e-mail message to all employees, persuading them to choose better passwords.