Password Tips and Best Practices

Protecting Your Password

Your password is what protects you from cyber criminals. It is not difficult to adopt safe password habits that keep your passwords complex and help protect you and your identity.

These days, almost everything we do requires a PIN or a password. There are so many that we sometimes can't keep track of them. While we may find passwords somewhat annoying, and even take them for granted, it is important to remember why they matter.

Passwords are often the first, and sometimes the only, defense against unauthorized access or intrusion of a specific computing system. For this reason, creating and maintaining secure passwords is the single most important step to protecting yourself from unauthorized use of your computing resources.

If you are having an issue with your password, review some of the possible causes and what can be done to resolve the issue.

Password Security Tips

When using a password, please abide by the following recommendations.

  • Do not use passwords that are based on personal information that can be easily accessed or guessed. This includes names of family members or pets, birthdays, Social Security numbers, phone numbers, and addresses.
  • Never give your passwords to anyone else; this includes sending your password through an email. IT Support Center staff and other IT technology support personnel will never request your passwords.
  • Commit your password to memory. Never write it down!
  • Use four random words that combined are at least 15 characters. An example would be: phonewaterstarcake.
  • Do not reuse old passwords.
  • Passwords should be changed yearly.
  • When you change your password, do not use any of the same random words. For example, if your old password was "alpha" "bravo" "echo" "victor," your new password should not contain alpha, bravo, echo, or victor. Your new password should be completely different.
  • Do not use your password or a variation of that password for any of your other accounts. By making your passwords similar or the same, your accounts become easier to hack. Chances are if the hacker was able to get into one of your accounts, they will try to get in the others as well. By making your passwords completely different, it eliminates the security risk and makes your accounts more secure.
  • Do not use any IUP password for external services (e.g., social networking).
  • Do not let anyone else besides you have access to your account. You will be responsible for anything that person does on your account. This includes leaving your computer unattended while you are logged in. If you must step away from a computer, you should log out of the computer, or lock the screen.
  • Computers should be set to lock or disconnect users after periods of inactivity.
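
The four-word rule and the no-reused-words rule above can be checked mechanically. The following Python sketch is an added example, not an IUP tool: the word list is a small constructed sample (a real generator would draw from several thousand words), and the function names are hypothetical.

```python
import math
import secrets

# Constructed sample word list for illustration only.
WORDS = ["phone", "water", "star", "cake", "alpha", "bravo", "echo", "victor",
         "maple", "river", "candle", "orbit", "sun", "ink", "owl", "meadow"]

WORD_COUNT = 4    # "four random words"
MIN_LENGTH = 15   # "combined are at least 15 characters"


def violations(new_words, old_words=()):
    """Return the rules from the list above that a candidate passphrase breaks."""
    problems = []
    if len(new_words) != WORD_COUNT:
        problems.append("not four words")
    if len("".join(new_words)) < MIN_LENGTH:
        problems.append("shorter than 15 characters")
    reused = sorted(set(new_words) & set(old_words))
    if reused:
        problems.append("reuses old words: " + ", ".join(reused))
    return problems


def generate(old_words=(), wordlist=WORDS):
    """Draw four words with a CSPRNG, retrying until every rule is met."""
    # Words from the previous passphrase are removed before drawing.
    pool = [w for w in wordlist if w not in set(old_words)]
    while True:
        # secrets, not random: the choice must be unpredictable.
        words = [secrets.choice(pool) for _ in range(WORD_COUNT)]
        if not violations(words, old_words):
            return words


def entropy_bits(pool_size, count=WORD_COUNT):
    """Upper bound on guessing entropy for uniformly drawn words."""
    return count * math.log2(pool_size)


if __name__ == "__main__":
    old = ["alpha", "bravo", "echo", "victor"]
    print("".join(generate(old)))
    print(f"{entropy_bits(len(WORDS) - len(old)):.1f} bits with this sample list")
```

The strength comes from the size of the word list and the randomness of the draw, which is why the words are picked by the program rather than by the user.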

Consider using a secure password manager. There are many benefits to using a password manager; one possible option is KeePass, a storage system that allows you to store passwords locally. It is not recommended that you use a password-keeping solution that stores your passwords in the cloud. To learn more about one software option that can manage passwords, please review KeePass.

Best Password Practices

When creating and using a password, please consider these recommendations.

  • Don't save passwords in your web browser. Note that it's not only a security risk, but could cause your account to be locked out after changing your password.
  • Use caution when saving passwords to services such as Google sync. Google sync will automatically enter in your old password even though you are entering the new password! This will lock your account if you have your IUPMSD synced with Google sync.
  • Do not use the same password for multiple accounts.
  • Do not save your password in your IUP VPN connection.
  • If you change your password on a PC where you have connections to IUP network drives, restart your PC (or log off) immediately after changing your password and log on with the new password. This will re-establish the connection to the drives with the new password.
  • If you think your password has been used to gain unauthorized access to a computing resource, change it immediately!

Creating More Secure Passwords

Although passwords are a vital component of system security, they can often be cracked or broken relatively easily. Password cracking is the process of figuring out or breaking passwords in order to gain unauthorized entrance to a system or account.

Because there is always an ongoing threat of password cracking, we must develop good, strong passwords. Here are a few suggestions when creating and maintaining your passwords (this information is from the US Computer Emergency Response Team (US-CERT)).

Before You Change your Password

Before changing your password, please go through this checklist so that you don't run into issues with an incorrect password or locked account.

  • It is important that you do not have any open connections to an IUP service that uses single sign-on access. This includes the IUP wireless and VPN.
  • Log out of all resources using single sign-on and close all web browsers.
  • If you are logged on to more than one PC on campus, do not change your password. Log off of the other PCs first.
  • If you are on campus and you may be connected to the VPN from an off-campus machine, wait to change your password until you can disconnect from the VPN.
  • If you are off-campus but you are still logged on to a PC on campus, do not change your password.
  • Disconnect all devices (cell phone, tablet, etc.) from the IUP wireless network.

After Changing your Password

If you have changed your password and found that you are locked out of your account, please try completing the list below.

  • Turn on the wireless on devices and update the password for the wireless connection.
  • Update the password in any mail apps (on your phone, on a device).
  • If you are signed into a computer on campus using your network credentials, please sign out of the computer and sign in with your new password.

Troubleshooting Password Issues - Invalid Password

If the Web Single Sign on Service (myIUP, OWA, D2L, ihelp, etc.) states that you have entered an Invalid Password or that you cannot log in to an IUP computer:

  • Try deleting the password you have entered and retyping it. Your finger could have slipped and caused your password to be entered incorrectly.
  • Verify that you are entering in the correct password.
  • Ensure that caps lock is not turned on. Passwords are case sensitive!

If you are trying to connect to the VPN or map drives and are receiving an invalid password message:

  • Be sure to enter "IUPMSD\" in front of your username. If you do not, the computer will be searching for your account on the computer rather than searching for it on the IUP network domain.
  • Try using your password on a web single sign on service to be sure it is not expired. If it is expired, update it.
  • Ensure that caps lock is not turned on. Passwords are case sensitive!

If you have forgotten what the password is:

  • Please go to iaccounts. When you are on the iaccounts website, choose the option that best fits your scenario.

Troubleshooting Password Issues - Expired Password

If your IUP network password is expired and you attempt to log in to a web single sign on service, you will receive a message saying that your password is expired. The web page will provide a link to redirect you to iaccounts where you can update your expired password.

If you log in to an IUP-owned computer while your password is expired, the computer will prompt you to change your password.

If you believe your password is expired and have not received the message above when trying to log in to the web single sign on service, please go to iaccounts and change your IUP network password.

Troubleshooting Password Issues - Locked Account

If your account is locked, the issue may be related to an invalid password entered too many times or an old password that is saved on a connected device or service.

If you have recently changed your password, you still need to update any device where you saved the old password.

In order to unlock your account you should try:

  1. Reboot all IUP computers that you are logged into that have the previous/expired password.
  2. Disconnect all devices from the wireless network.
  3. If you have synced your passwords to your Gmail account, clear this as well from the Google Dashboard.
  4. Clear the cache from all internet browsers and clear any saved passwords in these browsers.
  5. Disconnect any VPN connection. Reconnect and relog into the wireless VPN with the password that you have reset. See step by step instructions to set up a VPN.
  6. Disconnect any network drives that you may have saved passwords on. Rebooting an IUP-owned computer will disconnect the mapped drives.

After verifying these steps, it may take up to 15 minutes for your account to unlock.

Troubleshooting Password Issues - Can't Log Into an IUP Computer

If you are unable to log in to an IUP-owned computer and see the error

  • The computer could be logged into by another person. In this case, switch computers if one is available.
  • Be sure that caps lock is not on and you are entering the correct password.

If you are unable to log in to an IUP-owned computer and are receiving this policy error: "The group policy client server failed the sign-in. Access denied"