Passwords are the keys to your digital kingdom. Use them wisely.
Your passwords are the key to securing your systems, your accounts, and the University. Make your shield even stronger by using strong passwords. Cyber attackers have developed sophisticated methods to guess or brute force passwords, and they are continually getting better at it. This means they can compromise your passwords if they are short or easy to guess, such as your pet’s name.
When creating a password, make sure to avoid using common words such as months, seasons, graduation, or birth years, etc. Also avoid using University-specific words like Wahoowa, Hoos, or Cavman. These are easily guessable. Remember, the more characters your password has, the stronger it is and the harder it is for an attacker to guess.
Passphrases
While more secure, long, complex passwords can be difficult to remember. To help you create strong passwords that are easy to remember and type, create a passphrase instead. Passphrases are nothing more than a sentence or group of random words. For example, you can use a passphrase like:
Correct horse battery Staple
Notice how many characters this passphrase has, yet it’s easy to both type and remember. You can make any password or passphrase comply with any service’s complexity rules by replacing a letter with a number, such as replacing the letter “o” with the number “0”, using lower- and uppercase letters, or adding symbols, such as spaces or punctuation.
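The advice above on common and University-specific words can also be checked mechanically. The following Python check is an added example, not part of the original page or any UVA tool; it flags those words even when letters are swapped for look-alike characters. The word list, the substitution table, and the 16-character minimum are assumptions made for this example.

```python
import re

# Deny-list drawn from the categories the page names. The list itself is
# constructed for this example and is not an official UVA list. "may" is
# left out because a three-letter substring would flag many ordinary words.
DENY_WORDS = {
    "january", "february", "march", "april", "june", "july", "august",
    "september", "october", "november", "december",
    "spring", "summer", "fall", "autumn", "winter",
    "graduation", "wahoowa", "hoos", "cavman",
}

# Look-alike substitutions undone before matching (assumed mapping).
LOOKALIKES = str.maketrans({
    "0": "o", "1": "l", "3": "e", "4": "a",
    "5": "s", "7": "t", "@": "a", "$": "s",
})

YEAR = re.compile(r"(19|20)\d{2}")  # four-digit years such as birth years
MIN_LENGTH = 16  # assumed threshold for this example, not a stated policy


def check_password(candidate):
    """Return the reasons a candidate is weak; an empty list means no finding."""
    findings = []
    if len(candidate) < MIN_LENGTH:
        findings.append("too short")
    # Look for years in the raw text, before digits are mapped to letters.
    if YEAR.search(candidate):
        findings.append("contains a year")
    # Undo substitutions, then drop everything that is not a letter so that
    # separators and leftover digits cannot split a listed word.
    normalized = re.sub(r"[^a-z]", "", candidate.lower().translate(LOOKALIKES))
    # Substring matching is deliberately conservative: it can flag a listed
    # word that happens to sit inside a longer, unrelated word.
    for word in sorted(DENY_WORDS):
        if word in normalized:
            findings.append(f"contains common word: {word}")
    return findings


if __name__ == "__main__":
    # Constructed sample inputs.
    for sample in ("Wah00wa2024!", "Gr4du4tion-Summ3r-Party",
                   "Correct horse battery Staple"):
        print(repr(sample), "->", check_password(sample) or "no findings")
```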
In addition to creating strong passwords, be careful how you use them. Here are several key steps that will protect your passwords:
Use a different, unique password for each of your accounts. That way, if one of your accounts is hacked and your password is compromised, your other accounts are still safe.
Refer to UVA Information Security for more information on setting a secure passphrase.
Can't remember all your unique passwords? Consider using a password manager. This is a special program that securely stores all your passwords for you. You only need to remember the password to your password manager. The University provides LastPass for faculty, staff, and students.
Two-Factor Authentication
Many online accounts offer something called two-factor or two-step verification. This is where you need more than just your password to log in, such as codes sent to your smartphone, or codes generated by a token. Whenever possible, enable stronger authentication methods like these. Solutions like two-step verification are one of the most effective steps you can take to protect your accounts. For more information about Duo, the University-required two-factor authentication, click here.
3 Password Hygiene Tips
Never share your password with anyone else, including fellow employees. Remember, your password is a secret; if anyone else knows your password, it is no longer secure.
Do not use public computers, such as those at hotels or libraries, to log into sensitive accounts, such as those for work or your online bank account. Since anyone can use these computers, they may be infected with malware that captures all your keystrokes. Only log into sensitive accounts from trusted computers or mobile devices you control.
Finally, be careful of websites that require you to answer personal questions when creating an account. These questions are used if you forget your password and need to reset it. The problem is that answers to these questions are often public knowledge and can easily be found on the internet. Make sure that if you answer personal questions you use only information that is not publicly known.
If you accidentally share your password with someone else or believe your password may have been compromised or stolen, be sure to change it immediately and contact the UVA Help Desk or UVA Information Security.
Adapted from SANS Institute, Passwords