CHOOSE GOOD PASSWORDS

You should never use only one password for everything. Have at least four or five, and change them on a regular basis. Passwords should be a combination of letters and numbers (and even symbols) because they're harder to crack. Don't tell your passwords to anyone, and don't make them too obvious. Things like mother's maiden name, date or place of birth, pet's name, the town you live in, or school/university you attend are all easy to guess or find out and, therefore, bad choices.

University representatives will never ask for your password: It is against University policy for a technology service provider to request a user's passwords.  If someone demands a password, refer them to this document or have them call the Help Desk (678-8888).

• Never tell your password to anyone!
• Never write down your password.
• Make your password hard to guess — do not use the name of your pet, your child, or city etc.
• Avoid using words found in a dictionary.
• Never write down your password. A sticky note is NOT secure!
• The more random your password is the better.
• Be sure that you don't use personal identifiers in your password (like your name or UUID).
• Take responsibility for your UUID and Password.
• Never tell your password to anyone!

A compromised password not only puts your own information at risk, it may also expose sensitive campus data and systems.

EXAMPLES OF EXTREMELY BAD PASSWORDS

• Your name in any form - first, middle, last, maiden, spelled backwards, nickname, or initials
• Your user ID or your user ID spelled backwards
• Part of your user ID or name
• Any common name, such as Joe
• The name of a close relative, friend, or pet
• Your phone number, office number, address, or town
• Your birthday or anniversary date
• Simple variants of names or words (even foreign words), simple patterns or well-known values
• Your favorite sports team (NFL, NBA, MLB, etc.)
• Your license plate number, your social security number, or any all-numeral password
• Names from popular culture (e.g.: Beatles, Spiderman, etc.)

A strong password is one that's hard to crack. A strong password should have the following:

• No fewer than eight (8) characters in length. However, a good choice is a "pass phrase" composed of four (4) words and punctuation. A pass phrase is a longer version of a password and is therefore more secure.  A pass phrase is typically composed of multiple words.
• At least three of the following four types of characters:

• • At least one number.
  • At least one uppercase letter.
  • At least one lowercase letter.
  • At least one symbol (!,@,#,$,^).

No matter how complex a password is, if you write it down it is way less effective.

GUIDELINES FOR PROTECTING YOUR PASSWORDS

• Safeguard your password: All passwords are to be treated as confidential University information.
• Take responsibility: You are responsible for the security of your passwords and accountable for any misuse if they are guessed, disclosed, or compromised.
• Make your password unique: Do not use your UOM Password for any other services offered elsewhere (i.e. personal Internet service provider accounts, free online email accounts, instant messaging accounts, other online services, etc.). Your UOM Password should be unique from every other password that you use. This will limit your exposure if any of your passwords are compromised.
• Avoid using the "Remember Password" feature: These features, typically used to access secure applications (i.e. email, calendar, financial systems) and Web browsers (i.e. Mozilla Firefox and Internet Explorer), do not adequately protect passwords. It may be possible for a computer virus or unauthorized user to gain access to this stored information.
• Clear the cache of your Internet browser before quitting your browser: Quitting a web browser does not mean that cookies and related files are removed from your machine, so remember to clear the cache before quitting the web browser when you are finished using it unless no one else has access to the computer you are using.
• Quit your Internet browser when you are finished using it: When you use your password with a web browser like Firefox or Internet Explorer, it saves the password in memory as long as it is running, so remember to quit the browser when you are finished using it unless no one else has access to the computer you are using.

• Turn on your browser's pop-up blocker.
• If a pop-up does squeeze through, don't click on it. Close down the window from the Taskbar. Many pop-ups will try to trick you by reproducing the "X" close-window icon as part of the ad. When you click on it thinking you're closing the window, you actually click through to the advertisement.
• There's nothing wrong with using your credit card to make online purchases if the site is a reputable one using a secure connection. If the site is secure, you'll see a lock icon displayed in the lower right corner of your browser window.
• Turn on your browser's anti-phishing filter to block thousands of confirmed phishing sites. Phishing is the act of sending an e-mail to a user falsely claiming to be an established legitimate enterprise in an attempt to scam the user into surrendering private information that will be used for identity theft. It is also referred to as brand spoofing or carding, is a variation on "fishing," the idea being that bait is thrown out with the hopes that while most will ignore the bait, some will be tempted into biting.
• Don't be suckered in by shady-looking ads that say you've won money or contests. It's always too good to be true.

• Don't open email attachments from people you don't know.
• Don't email your user name and/or password to anyone, EVER!
• Treat any email from someone you don't recognize with caution. Spammers often use personal-sounding subject lines like "Your money is waiting," "Your loan was approved," or "Here's the memo you requested."
• Never send credit card information or other personal details through email, and beware of emails claiming they're from well-known companies asking for such information. No reputable company would solicit information from a customer unless you're the one initiating the transaction.
• Never click the "Unsubscribe" link in a spam email. All this does is indicate to the spammer that your email address is active, and will likely result in even more spam.
• Use your email client's security filters to block spam email addresses and label junk mail appropriately.

• Make sensitive blog posts friends-only so that they're not visible to the general public. Your hosted site can guide you on how to restrict viewers.
• Think twice about posting photos of yourself and your family members - especially children.
• Never advertise personal information beyond what can be looked up in public directories.
• Report compromises immediately: If you suspect your account or password has been compromised, report the incident to the Incident Response Team or call the Help Desk to change the password immediately. If you think someone else has your password, you should reset your password right away (before he/she changes the password).

FOR MORE INFORMATION download this pdf. Right click and select "Save Target As".