Password Security for Faculty
Password Quick Tips:
- Make sure your password is complex and longer than 9 characters. Short and noncomplex passwords are easily figured out by hackers.
- Use a variety of characters such as upper case, lower case, numbers and symbols.
- Don’t write down your passwords (keep them in your head or in an encrypted file).
- Don’t share your password with anybody for any reason, not even with the TSC.
Creating and Remembering Your Password
Creating and remembering strong password can sometimes be challenging. Below are several methods that can help you create and remember strong passwords.
- Use the first characters of a sentence you can easily remember. My son Al is 3 years old in November converts to MsAi3yoiN or I go on Vacation13 May would be IgoV13M.
- Use numbers in a word, for example a 5 instead of an s and a 3 instead of an e. partn3r5.
- Substituting special characters for letters for example I go on Vacation13 May could be Igo#13M.
Is your password weak?
The following are some examples of practices and behaviors that can result in weak or bad passwords. Under no circumstances should individuals use passwords that utilize the following:
- Passwords that match the account ID
- Passwords that contain the user account owner’s name, first middle or last.
- Passwords that contain the users bear ID or Social Security number
- Any consecutive or repeating keyboard characters e.g. “123”, “jkl
- Family-oriented passwords, (your name, nicknames, partners, children or pets). 50% of people do this, and these passwords are easily guessed.
- “Fan” names, (sport stars, cartoon characters, pop icons). 33% of users do this.
- “Self-obsessed” words, (stud, goddess), 11% of users do this.
- Common dangerous practices are to use the words, (or simple derivatives), that could easily be guessed by someone else, e.g. password, sesame, changeme, secret, qwerty, money, pass, abc123, private, admin, 123456, god, hello, 111111, UNC.
Why would anyone need your password?
- You are given access to University services to enable you to do your work. Means of access are created to uniquely identify you and the resources you are authorized to access, so under no circumstances will anyone every need to have your PDID (Personal digital Identity) or password.
- This also applies to technical IT staff maintaining computers and applications. Therefore:
- Never disclose your password.
- The support departments must only be allowed access to your account if you are present and can observe what is being done.
Should I give my password to a colleague or support staff in case I need them to check my e-mail or they need to access some information on my computer when I’m not around?
Your PDID and password combination uniquely identifies you within the University’s digital world. Remember that you are responsible for actions taken with your digital identity and only you should have access to your pay records and other personal information. It’s in your best interest to vigilantly guard and protect your PDID and password.