What's Your Password Strategy?
August 26, 2014, Volume 61, No. 02
Another tip in a series provided by the Offices of Information Systems & Computing and Audit, Compliance & Privacy
Much press has been given to a recent report about a US-based security firm that discovered 1.2 billion user names and passwords collected by Russian hackers from over 420,000 websites. Like many, you may be wondering, what’s the risk to me?
The greatest risk is to those who use the same password on multiple sites and never change that password. Below are simple tips for a robust password strategy.
1. Don’t use the same password for everything. If your password to even one website is compromised, that could expose you to fraudulent financial transactions and/or loss of privacy.
This may sound hard, but it’s easier if you think in terms of password categories:
• Work—PennKey. Make sure you have one strong password for your PennKey password that you use nowhere else. Consider taking advantage of ISC’s Two Factor Authentication service for PennKey, which protects your PennKey by requiring both your password and a code generated on your phone (www.upenn.edu/computing/weblogin/two-step/). Contact your Local Support Provider or security@isc.upenn.edu for assistance.
• Work—Not PennKey. Some systems at Penn ask for passwords that are not based on PennKey. Make sure that the password is strong and not used in any other program or situation.
• Personal—Important. For your life outside of Penn, consider creating one or two long and complex passwords for your most sensitive systems, such as online banking and other financial systems.
• Personal—E-Commerce. Select another password or two for accounts associated with online purchases (like Amazon). Note: if you are using your credit card, in many cases federal law protects you against significant liability if you report any loss or theft to your credit card company promptly.
2. Change the passwords for these key accounts periodically.
Coming soon: A One Step Ahead tip on using a secure online “vault” to help manage your passwords.
For additional tips, see the One Step Ahead link on the Information Security website: www.upenn.edu/computing/security/