Password Practices

  • Your password is what protects you from cyber criminals. It is not difficult to come up with safe password methods which will help keep your passwords complex and help protect you and your identity. 

    Password security tips:

    1. Never give your passwords to anyone else. IT Support Center staff and other IT technology support personnel will never request your passwords.

    2. Passwords should never be written down.

    3. Use a pass phrase, not just one word. A short, three word sentence is sufficient. 

    4. Try substituting special characters and numbers in place of normal characters. “I like cake,” for example, can be turned into “!~1!k3~C@ke.” The trick is to stay consistent with your substitutions so you do not get confused. If you are using an “!” for an “I” then always use the “!”.

    5. If possible, make sure your password has all four character types: Uppercase characters, lowercase characters, special characters, and numbers. (This may not always be possible, as some organizations do not allow certain special characters to be used in their passwords.

    6. Do not reuse old passwords

    7. Passwords should be changed regularly—at least every six months to a year. 

    8. When you change your password, do NOT keep the same base password and make a minor change. Here is an example. If your password is “charlie1,” do NOT then change it to “charlie2.” The new password should be completely different.

    9. Do NOT use the same password, or a variation of the same password, across all of your accounts. If an identity thief figures out your password, then all of your accounts and your identity will then be at risk, because all your passwords are the same. 

    10. Do not use any IUP password for external services (i.e. social networking).

    11. Do not log into a computer and let someone else use it. You will be held responsible for anything that person does.

    12. Do not leave a computer unattended while you are logged in. Anyone could access the computer while you are away, and you could be held responsible for anything that person does. If you must step away from a computer, you should log out of the computer, or lock the screen.

    13. Computers should be set to lock or disconnect users after periods of inactivity.