Information Technology Services

Cyber Security Article 2

Strong Passwords & Clark Account Password Recommendations

One of the best ways to protect your online identity and the information you have access to is to avoid using the same password everywhere and leaving it unchanged. Managing your online identity is critical in modern life, and the following suggestions can make both the task and your passwords easier to manage.

Your passwords are the online equivalent of the keys to your home. Using short, simple, predictable passwords is akin to a locked screen door. If you write your password down and keep it on your desk or under your keyboard, you are placing the key to your online identity “under your doormat”. Strong passwords are like putting a deadbolt on your computer and its data. They can also be easy to manage if you take advantage of some helpful tips:

  • Strong passwords should have at least eight characters and include a variety of characters. Increasing the number of characters by even one can immensely increase the difficulty of someone guessing your password. Most people use just 32 of the 94 available characters in their passwords; assuming that, going from eight to nine characters brings the number of unique possibilities from approximately 1.1 trillion to over 35 trillion. There are over one quadrillion ten-character passwords.
  • Avoid dictionary & common words: there are programs that try every word in the dictionary in an attempt to access your account (called a brute force attack).
  • Don’t use personal information (name, relative’s name, birthdate, etc.): this information can be easy to obtain in today’s online world (using Facebook, Twitter, etc.).
  • Change passwords regularly: how often depends on the type of data you have access to and how strong your password is. If you believe your computer has been compromised, you should change your passwords immediately, using a different computer until yours is known to be clean. Compromised computers can send everything you type to another person or computer; the programs that do this are called key logging viruses.
  • Use different passwords for each online account you access: if you use the same password, and it becomes compromised, then someone would have access to all accounts where you used that username and password.
  • Do not write down passwords or store them in a document on your computer. Do not tape them under your keyboard or around your desk; unscrupulous individuals will look in these locations first.

People pick passwords that are too easy because they don’t want ones that are difficult to type or easy to forget. One way to create a strong, easy-to-remember password is to think of a memorable phrase and change a few characters to make it really secure. For example, “I love pizza” could become “1L0vep1zZA” or “i10v3pi22a!”. If you love pizza, it is unlikely you will ever forget this phrase. The password contains uppercase and lowercase letters and numerals and, in the second version, a special character.

Another example might be to use the first letter of each word in a passphrase. If you take the phrase “Today I will Challenge Convention, Change Our World”, and change it to “2dayIwCC&cow”, you have a phrase you can easily remember and a very secure password.

In an effort to help protect everyone’s computing resources, on November 3rd, we will begin to enforce a maximum password age of 365 days for everyone’s Clark Account password. This means that if your password is older than 365 days, you will have to change it. You can change your password anytime, and we encourage you to change it before November 3rd if it’s more than one year old. You can find out the day your password will expire, and how to change it, by logging into ClarkYOU. It will be listed below your email quota graph. For more information about Clark’s password requirements and security changes, visit ITS’s Computer & Password Security page.

Phishing Emails
Phishing emails (http://en.wikipedia.org/wiki/Phishing) are sent by individuals trying to gather information about you and your computer accounts; they’re going fishing for information, and whether they catch anything is up to you.

Phishing attempts can be sent via emails, instant messaging, text messages, Facebook, etc. These messages typically try to get you to give up personal information by replying to them directly or by following a link to a web site that looks and feels legitimate. Common phishing emails try to obtain your username and password. Though there are many tricks people can use to fool you, there are a few tips of your own you can use to identify a phishing email. The first would be misspelled words in the email and awkward sentences; many times these messages are sent from outside the country and people sending them do not have a good grasp of the English language.

Another way is to verify the URL of any web page link in the email. For example: http://www.clarku.edu looks like a link to Clark’s home page, but if you click on it, that’s not where you go. To verify a link in an email before clicking on it, move your cursor over the link and you should get a pop-up with the actual web page that you will be taken to when you click on the link. If you want to perform this same check on a link in a web browser, look in the lower left-hand corner of your browser; the URL should be displayed when you move your mouse over the link. A variant of this trick is to slightly misspell the link, for example http://www.microsott.com, so that when you look at it quickly, it looks correct.

There are no absolute ways to keep you safe, but a little caution and intuition can go a long way toward keeping you safer. Threats can be anywhere on the Internet; if you keep this advice in mind, you increase your chances of recognizing the tricks before you click.

There was a recent email phishing attempt at Clark which asked recipients to update their tax information. The email looks legitimate, but if you look at it closely, you will see that the link in the email goes to a different address than is displayed.

Many attempts like this are actually posted on web sites like Snopes.com. This is a great web resource to check if you receive a message that just doesn’t look or feel right: http://www.snopes.com/fraud/phishing/phishing.asp.

If you’re not sure about replying to something, it’s a good idea to call the organization/person that you believe sent you the original email or reach them via contact information separate from the suspicious email. You can ask them if they indeed sent you a message asking for that information. Do not let these phishing attempts make a mackerel out of you. Stay Safe Online.

Clark ITS is committed to helping you. If you have any questions, need help or advice, please let us know.

Clark ITS Help Desk | Clark University - Academic Commons
helpdesk@clarku.edu | P: 508-793-7745
http://www.clarku.edu/helpdesk
------------------------------------------------
Never share your Clark Account Password, ITS will never ask you for this personal information.