Twin Pillars of Password Maintenance
There are two fundamental password practices for securing our personal and work lives from hackers:
- Use unique passwords for every Web site or system that you use. Never re-use your work password on your social media sites, or your banking password on shopping sites. Make each password is really distinct from the others, and not just a variation on some common theme.
- Change your passwords regularly, not only at work, but in your personal life as well. Make each new password unique, so that it can't be guessed from your old one. That way, it won't matter if your old password ends up in the wrong hands.
The PCI Standards Council reported in 2017 that 81% of hacking-related breaches leveraged stolen or and/or weak passwords.
Keeping passwords unique limits the scope of compromise if someone gets into your account, and changing your passwords regularly prevents a new hacker from re-using your password if it gets shared on the Internet.
Additionally, do not use passwords that are obvious, such as in the following graphic.
What's at stake if we don't care for our passwords?
- Almost every month, there's a news story about millions of email addresses or hundreds of millions of passwords being leaked online from social media sites and other online services. Only a few years ago, 167 million LinkedIn passwords were posted online for public download.
- If a hacker ever discovers your campus password, they can impersonate you in Blackboard, UWinsite Student, and other core campus systems; they can access your pay-slips, Social Insurance Number, and tax information; they can use your email address to attack your colleagues with viruses and phishing attempts.
- In personal life, it can take years to recover from the effects of identity theft. Not only do many victims find their credit ratings destroyed, but their emotional health and family relationships often suffer as well.
Password Managers to the Rescue!
To make easy work of managing your password, we recommend using a password manager program, such as KeePass. Password managers keep your password list secure, and make it easy to choose new, strong passwords. We have a knowledge base article on using KeePass at uwindsor.ca/keepass.
Multi-factor authentication (MFA):
Your Phone is the Key
One of our campus-security initiatives is the introduction of multi-factor authentication, or MFA. When MFA is activated on your account, you'll need two or more pieces of information to unlock your account:
- Your username and password, as always; and
- A secondary "authentication challenge." This might be a one-time PIN number that is texted to your mobile device. Or, a special app installed on your mobile device will ask you to press a button to continue.
Even if a hacker knows your password, it's not enough to let them into your account. Unless they also have your MFA device (usually, your mobile phone), there's no way for them to get in.
For more information about MFA or to sign up, visit uwindsor.ca/multifactor.
You’ve got a friend in cybersecurity!
IT Services is always happy to answer questions about passwords and security. Good password maintenance benefits everyone, and it’s our job to help you keep your work life, and your personal life, safe from attack. Don’t hesitate to ask us for help!
We're here to help!
IT Services is happy to answer questions about cybersecurity on campus: ext. 4440 or open a ticket for service here: uwindsor.ca/itshelp. More information on cybersecurity issues facing campus: uwindsor.ca/cybersecurity