|
|
 |
|
Issue
34 - December 2002
|
Password
Security: Tips for Staff, Faculty and Students
By
John Chan
|
|
|
Password
is a very important piece of information for any computing
user. Together with your username, it gives you access to
all computing services on the campus network. Every time you
connect, you must provide the magic word. When the password
has been leaked to an illegal person, he/she can pretend to
be you, which means the intruder would then have access to
your files, your e-mail, your personal information, and more.
This intruder will have the power to modify or destroy your
files, to send electronic mail threats on your behalf, or
even break into a system to monitor other machines and systems
on the same network and capture information about local users
logging on to those machines. In short, an insecure password
will not only affect the user on using the computing facility,
the University as a whole might be jeopardized by such misuse.
Thereafter, any kind of mishaps can be performed that might
be harmful to the user and even to the University.
The following
are some of the tips that can help you manage your password.
Choosing
a password
-
Choose a password with at least 8 characters containing
both Alpha and Numeric characters, if possible.
-
Do
not use a blank space.
-
Always
use a mixture of upper- and lowercase characters.
-
Do
not use Weak Password.
-
Do
not use your computer account name, or the reverse of it,
as the password
-
-
Password
that can be searched from dictionary
-
Password
that is related to your personal information, such as
birth date, telephone numbers, ID, license numbers,
etc.
-
Password
that is related to names or places
-
Abbreviations
of common phrases or acronyms
-
Sequences
of numbers or alphabets, or consecutive keys on a keyboard
-
Foreign
words e.g. sayonara
-
Simple
transformations of words e.g. 7eleven
-
Change
your password regularly
-
Do
not let anyone know your account password
-
Do
not write down your password
-
Do
not place your password together with your staff ID or any
computer account name
-
Do
not use the same password for different systems or applications,
especially those provided by ISPs or public services
Using
your account and password
-
Do
not lend your computer account to others including your
friends and relatives
-
Do
not use your account to login a service through a public
terminal where security protection is unknown
- Be careful not to
reveal your password to anyone while logging in a service in a
public area
-
Always
logout, and/or reboot, before and after using a public terminal
|
|
|
|
|
|
|
|
|
|
