Worcester State University
Information Security Awareness

Passwords/Personal Info

Setting passwords, best practice and what to avoid:

·         Have a password and do not share it with others.

o    A password serves as a means to authenticate the identity of the person using an account. Only the authorized user is meant to have access to the account and a password helps prevent misuse by unauthorized users Remember, the authorized user will be held responsible for misuse of the account if the password is shared.

·         Make passwords hard to guess.

o    It is a safe bet a hacker knows all the tricks. Avoid using anything that is easily attainable online. Things such as your first or last name or a combination of can be easily cracked. Account names are another example of something to avoid. Silly tricks such as making your password, “password” are also easily cracked.

·         At minimum use an eight character password using a mix of upper and lower case letters along with a numeric.

o    This increases the complexity of your password making it much more difficult to crack.

·         Change your password on a regular basis.

o    You would be surprised how often you may accidently expose your password to others. This will cut down on the possibility of misuse by others.

·         Store your password in a safe place.

o    While it's understandable that users often need to record their passwords, it really isn't a good practice to write them down.  Password lists should be stored in a safe place, such as  a strongly encrypted file with a good encryption key. In any case, great care must be taken to safeguard the password when it is used and to be sure to return it to a safe storage immediately after use. And so it follows…

·         Don't leave passwords where others can find them.

o    Don't leave your password on a post-it on your desk or written down in any other places where someone could easily find it. Certainly do not write down, “This is the password for ….”.  If you absolutely must write down your passwords, keep them in a secure, locked place. Also, don't leave your passwords where others can find them electronically. Never send them in email, post them to a site, leave them online in a file, etc.


Points of Interest:
  UTS Policy Site
  Check PW Strength
  UTS Guides
  Social Network Cons
  ISA Presentation
  Spot a Craig's List scam
  State Ethics Compliance
  Spot a Phishing/Spam Scam
  Modern Malware for Dummies
  Visit Educause Data Privacy
  Visit Educause Cybersecurity Initiative
  National Cyber Security Awareness
  Examples of "good" security questions

DataBridge © WSU, 486 Chandler Street, Worcester, MA 01602
Phone: 508-929-8000