Password Security: Tips for Staff, Faculty and Students

by John Chan

A password is a very important piece of information for any computer user. Together with your username, it gives you access to all computing services on the campus network. Every time you connect, you must provide the magic word. If the password is leaked to an unauthorized person, he/she can pretend to be you, which means the intruder would then have access to your files, your e-mail, your personal information, and more. This intruder will have the power to modify or destroy your files, to send threatening electronic mail on your behalf, or even to break into a system to monitor other machines and systems on the same network and capture information about local users logging on to those machines. In short, an insecure password not only affects the user's own use of the computing facilities; the University as a whole might be jeopardized by such misuse. After that, any kind of mischief that might harm the user, and even the University, becomes possible.

The following are some of the tips that can help you manage your password.

Choosing a password

  • Choose a password of at least 8 characters containing both alphabetic and numeric characters, if possible.
  • Do not use a blank space.
  • Always use a mixture of upper- and lowercase characters.
  • Do not use a weak password.
  • Do not use your computer account name, or the reverse of it, as the password.
  • Weak passwords include:
    • Passwords that can be found in a dictionary
    • Passwords related to your personal information, such as birth date, telephone numbers, ID, license numbers, etc.
    • Passwords related to names or places
    • Abbreviations of common phrases or acronyms
    • Sequences of numbers or letters, or consecutive keys on a keyboard
    • Foreign words, e.g. sayonara
    • Simple transformations of words, e.g. 7eleven
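
The rules in the list above can be checked mechanically when a password is chosen. The following is an added example, not part of the original article: the function names, the small word list and the choice of four characters as the length of a "sequence" are assumptions made for illustration, and the personal-information and names-or-places rules are left out because they need data about the user.

```python
import re

# Constructed sample word list; a real deployment would load a full dictionary.
SAMPLE_WORDS = {"password", "sayonara", "eleven", "welcome", "dragon"}
# Alphabet, digits and keyboard rows used to spot sequences.
SEQUENCES = ["abcdefghijklmnopqrstuvwxyz", "0123456789",
             "qwertyuiop", "asdfghjkl", "zxcvbnm"]


def has_sequence(text, run=4):
    """True if text contains `run` consecutive characters of a known
    sequence, forwards or backwards (run=4 is an assumed threshold)."""
    low = text.lower()
    for seq in SEQUENCES:
        for s in (seq, seq[::-1]):
            for i in range(len(s) - run + 1):
                if s[i:i + run] in low:
                    return True
    return False


def check_password(password, account_name, words=SAMPLE_WORDS):
    """Return the list of rules from the tips above that the password breaks."""
    problems = []
    low = password.lower()
    if len(password) < 8:
        problems.append("shorter than 8 characters")
    if not (re.search(r"[A-Za-z]", password) and re.search(r"[0-9]", password)):
        problems.append("needs both letters and digits")
    if " " in password:
        problems.append("contains a blank space")
    if not (re.search(r"[a-z]", password) and re.search(r"[A-Z]", password)):
        problems.append("needs upper- and lowercase letters")
    acct = account_name.lower()
    if acct and low in (acct, acct[::-1]):
        problems.append("is the account name or its reverse")
    # Strip leading/trailing digits so "7eleven" is matched as "eleven".
    core = low.strip("0123456789")
    if low in words or core in words:
        problems.append("is a dictionary word or a simple transformation")
    if has_sequence(password):
        problems.append("contains a character or keyboard sequence")
    return problems
```

An empty list means the password passed every rule that was checked; it does not mean the password is strong against rules the checker does not cover.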

Managing your password

  • Change your password regularly
  • Do not let anyone know your account password
  • Do not write down your password
  • Do not place your password together with your staff ID or any computer account name
  • Do not use the same password for different systems or applications, especially those provided by ISPs or public services

Using your account and password

  • Do not lend your computer account to others, including your friends and relatives
  • Do not use your account to log in to a service through a public terminal where security protection is unknown
  • Be careful not to reveal your password to anyone while logging in to a service in a public area
  • Always log out, and/or reboot, before and after using a public terminal