Password Management Tips
Are you just one weak password away from a devastating security breach?
A security breach or cyber attack is any incident that results in the unauthorized access of your data, applications, services, networks and/or devices by bypassing the underlying security mechanisms.
As Students, Faculty and Staff increasingly employ "bring your own device" (BYOD) and more resources are moving to cloud environments, securing data is far more challenging—and complicated—than ever before. The security measures that worked 10 years ago no longer work today. Every password is a "key" that keeps your personal information protected.
- Use a Password Manager - Passwords shouldn't be written on sticky notes, stored in email or saved in plain old documents. A password manager is a secure app that keeps passwords encrypted and backed up for safekeeping.
- Add Two-Factor Authentication - Two-factor authentication requires a second login step before you can access an account. It combines something you know (your password) with something you have (a key or code), keeping you safer online.
- Generate Secure Passwords - The best password is the one you don't know. Use a password generator to create long passwords, and use a different password for every single online account. A password manager remembers them all for you.
- Don't Remember Me - Don't select the "remember me" option on websites. Always logout when you're finished using your device, and let a password manager remember all your passwords and login for you next time.
- Stay Up to Date - Software updates contain important security and usability improvements. Always update browsers, apps and your operating system promptly so that old bugs don't give hackers a way into your devices.
- Browse on HTTPS - Using HTTP means that anyone can spy on the data you're sending over the web, making it easier for someone to steal your username and password. Look for HTTPS for a secure connection on the web.
- Lock Your Screen - Keep prying eyes away from your computer and mobile devices with automatic lock screens. Set your screen to time out after a few minutes of inactivity and require a PIN or passcode to get back in to your device.
- Be Stingy with Permissions - Before you download that app or sign up for that new website, read the privacy and permissions policy so you understand how it plans to store your data.
Keep a Clean Machine
Keep security software current - Having the latest security software, web browser and operating system are the best defenses against viruses, malware and other online threats.
Automate software updates - Many software programs automatically connect and update your system to defend against known risks. Turn on automatic updates if that’s an available option.
- Protect all devices that connect to the Internet - Along with computers, smartphones, gaming systems, and other web‐enabled devices also need protection from viruses and malware.
- Plug & scan - Viruses and malware also infect USBs and other external devices. Use your security software to scan them.
Protect Your Personal Information
- Protect your identity - Limit the amount of personal information you share or provide. The following is a
list of information that you should not post online:
- Address (city and state may be safe) do not post your Residence Hall, sorority house address or even your home address
- Your class schedule or where you work
- Social Security Number
- Birthday (if you do list it, post month and day only, and leave out the year)
- Cell phone number or home phone number
- Passwords or account information
- Secure your accounts - Ask for protection beyond passwords. Many account providers now offer additional ways for you verify your identity before you conduct business on that site.
- Make passwords long and strong - Combine capital and lowercase letters with numbers and symbols to create a more secure password.
- Unique account, unique password - Separate passwords for every account helps to thwart cybercriminals.
- Write it down and keep it safe - Everyone can forget a password. Keep a list that’s stored in a safe, secure place away from your computer.
- Own your online presence - When available, set the privacy and security settings on websites to your comfort level for information sharing. It’s ok to limit how and with whom you share information.
Mobile Security Tips
According to Pew Research Center's Internet and American Life Project, 56 percent of American adults own a smartphone. Mobile devices are convenient because they allow Americans to get online from anywhere, but there are some potential threats with using this type of technology. It’s important to understand how to protect yourself when using mobile devices. More than half of mobile application (app) users have uninstalled or decided not to install an app because of concerns about their personal information.
- Use strong passwords - Change any default passwords on your mobile device to ones that would be difficult for someone to guess. Use different passwords for different programs and devices. Do not choose options that allow your device to remember your passwords.
- Keep software up to Date - Install updates for apps and your device’s operating system as soon as they are available.
Keeping the software on your mobile device up to date will prevent attackers from
being able to take advantage of known vulnerabilities.
- Disable remote connectivity - Some mobile devices are equipped with wireless technologies, such as Bluetooth, that can connect to other devices. Disable these features when they are not in use.
- Be careful what you post and when - Wait to post pictures from trips and events so that people do not know where to find you. Posting where you are also reminds others that your house is empty.
- Guard your mobile device - To prevent theft and unauthorized access, never leave your mobile device unattended in a public place and lock your device when it’s not in use.
- Know your apps - Review and understand the details of an app before downloading and installing it. Be aware that apps may request access to your location and personal information. Delete any apps that you do not use regularly to increase your security.
Learn other Safe Computing Practices:
- How to Spot a Phishing Attempt
- DocuSign Phishing
- Information Security Awareness Training
- Know the available resources to keep your device safe. Use the Federal Communications Commission’s Smartphone Security Checker on a regular basis.