One Step Ahead: Keeping Passwords Strong and Secure

March 21, 2017
vol 63 issue 27
Bulletins
print

Another tip in a series provided by the Offices of Information Systems & Computing and Audit, Compliance & Privacy.

Knowing how to change your password and retrieve information about your account if you have forgotten your username or password is the first step to taking control of the security of your online information. If you have been using the same password for several different accounts, if you suspect your account has been accessed without your consent or if you once shared your password with someone, it’s time to change your password.

Any time you suspect that an online account may have been accessed without your consent, you should always change your password immediately, even if your current password still works.

If the account in question involves a PennKey or access to Penn resources you should also contact security@upenn.edu as soon as possible.

Remember, you should not be using your PennKey password for any other online account.

• To update your PennKey password, visit the PennKey website at www.upenn.edu/computing/pennkey and click “Change my PennKey password.”

• If you have forgotten your PennKey username or password, click “Forgot my username/password” on the PennKey website and follow the instructions for resetting your password, based on your Penn affiliation.

• Enrolling in the PennKey Recovery Service can help you reset your password more quickly if you forget your PennKey username or password in the future. Click “PennKey Recovery Service Settings” to enroll.
Consider using these additional tools to help further facilitate secure PennKey usage:

• Two-step Verification adds an extra layer of security to your PennKey by asking you to sign in with something you know (your password) and also something you have (a numeric code sent to your phone or to a keychain fob), preventing someone who merely knows your password from logging in using your PennKey.

• Duo Mobile is a mobile application available to Penn users that further streamlines the Two-step Verification process.

Learn more about these tools on the Penn WebLogin site at: http://www.upenn.edu/computing/weblogin/two-step/

Using these tools will help you keep Penn’s informational assets more secure.

________________________________

For additional tips, see the One Step Ahead link on the Information Security website: www.upenn.edu/computing/security/