Dr. Thomas S. Cleary, vice chancellor for planning, performance and information systems, discusses common insecure passwords Sept. 10. See list online at TheRanger.org. Daniel Arguelles
Picking a stronger password is vital to keeping hackers at bay.
By Carlos Ferrand
cferrand@student.alamo.edu
It may be hard to believe anybody would use the word “password” for an ACES password, but according to Dr. Thomas Cleary, vice chancellor for planning, performance and ITS, it happens more than one might think.
Cleary presented trustees with a list of 25 inadequate passwords that an estimated 2 percent of people use at the Sept. 10 meeting of the Building, Grounds and Sites Selection Committee of Alamo Colleges board of trustees.
“Some are clever, but they are not tricky, so easy to remember but easy to hack,” he said.
A cyber attack that forced a manual system shutdown Aug. 28 came from active ACES accounts.
Hackers routinely first try the passwords Cleary listed when they look to breach someone’s account, he said.
Cleary recommended anybody creating a password should add numbers, caps or characters to make it distinctive which will make it stronger and more secure.
The stronger a password, the less likely a user will have a system hacked, he said.
Alamo Colleges has about 250,000 active ACES accounts. A students’ ACES account remains active for one year after a student leaves.
Accounts stay active because many students return within a year, he said.
Students and faculty should be aware of social engineering, Cleary said. To trick someone into divulging information, hackers manipulate a person into performing an act that will reveal confidential information.
“Social engineering is basically trickery,” he said.
Hackers might call a student, identifying themselves as an employee in financial aid or technology services.
The caller may say there is a problem with an account and ask for additional information to fix it.
Baiting is another tactic hackers use to get inside systems.
“It’s not a fishing trip in this context,” Cleary said.
Hackers load a thumb drive with a virus or a Trojan horse and leave it for someone to find.
People are curious, so they put the thumb drive into a computer to see what is on it, Cleary said.
Files on the thumb drive may contain damaging viruses or backdoor functions that allow hackers to enter the system.
“We get 180 million emails per year and 75 percent-80 percent are malicious,” Cleary said.
Spam accounts for a majority of malicious email messages received.
Most email messages try to trick users into sending confidential information, but a few contain viruses or Trojan horses.
The ACES system has filters to trap these threats before they reach a user.
There are layers and layers of security measures throughout the system, Cleary said.
“Our system is under attack all the time,” he said. “It is under attack right now as we speak.”
