Password & account security
Your account is your identity, and your password is the key that gives you access to your data. Keeping your account and password secure is important, because anyone who has your password can access everything that you do, or abuse it to spread spam and viruses.
Because the University of Adelaide no longer enforces password expiration, your password will need to be stronger and satisfy the following requirements:
- It must be equal to or longer than 11 characters
- It must contain both an upper and lower-case letter (no need to include numbers or symbols)
Choose a safe password
- Choose a long, complex password.
- Consider using a passphrase. Rather than using a word or set of characters, use a phrase or sentence that is memorable to you. For example: Myfavouriteseasonissummer
- Consider using sentence contraction to create a strong yet memorable password. As with a passphrase, choose a sentence or phrase, then contract it to the initial letters of each word. Add some capitals or symbols to make it even stronger. For example: "My favourite season is summer because I love the beach" becomes mfsIsbiltB!
- Remember, the key to password strength is length.
Avoid unsafe password practices
The strength of your password can be further increased by avoiding these common mistakes.
- Avoid making only minor changes to your password when it requires changing. Some people increment a number at the end of their password each time it requires changing, for instance mittens01, mittens02, mittens03. This practice significantly decreases the security of your passwords and should be avoided. Should a hacker ever gain access to any of your previous passwords, it won’t take them long to work out your current password!
- Avoid using information that’s easily obtained about you. The advent of social media has made personal information more accessible than ever before. Information previously considered private (birth dates, pet names, phone numbers, etc.) is now readily available to those willing to find it. Using easily obtained personal information in your password should be avoided.
- Avoid the top commonly used passwords. Years of data breaches have given us insight into thousands of commonly used passwords. Malicious hackers use a dictionary of these common passwords as an effective tool for cracking passwords quickly. We must avoid these at all costs! Check out the most common passwords used over the last few years in this Wikipedia article.
- Avoid re-using passwords across different services. Data breaches happen even to large companies like Google, Yahoo!, and DropBox. When malicious hackers get their hands on a bunch of usernames and passwords, what do they do? They try them on other services to see if the same credentials are used. This is why it's very important that you choose a unique password for each service and, in particular, do not re-use your University password for other internet services.
- Don't share your passwords and avoid writing them down. Your password is yours and yours alone. Never disclose your password – even to friends or family. Also avoid writing passwords down on post-it notes and avoid typing your password in front of others.
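The requirements and mistakes listed above can be checked automatically when a password is changed. The following Python sketch is an added example, not the University's own tooling; the function names, the short deny-list and the sample inputs are constructed for illustration.

```python
import re

# Constructed sample deny-list; a real deployment would load a full
# list of commonly used or breached passwords.
COMMON_PASSWORDS = {"password", "123456", "qwerty", "iloveyou", "letmein"}


def _stem(password: str) -> str:
    """Lower-case and drop trailing digits/symbols: 'Mittens02!' -> 'mittens'."""
    return re.sub(r"[\W\d_]+$", "", password.lower())


def check_password(new, old=None, personal_info=()):
    """Return a list of problems; an empty list means the password passes."""
    problems = []
    # The two stated requirements: 11+ characters, upper and lower case.
    if len(new) < 11:
        problems.append("shorter than 11 characters")
    if not (any(c.isupper() for c in new) and any(c.islower() for c in new)):
        problems.append("needs both upper- and lower-case letters")
    # Common passwords, including ones padded with digits or symbols.
    stem = _stem(new)
    if new.lower() in COMMON_PASSWORDS or stem in COMMON_PASSWORDS:
        problems.append("commonly used password")
    # 'old' is the current password typed into the change form, so no
    # plaintext password history needs to be stored for this check.
    if old is not None and stem and stem == _stem(old):
        problems.append("only a minor change from the previous password")
    # Personal details (pet names, birth dates, ...) supplied by the caller.
    squashed = re.sub(r"\W+", "", new.lower())
    for item in personal_info:
        token = re.sub(r"\W+", "", item.lower())
        if len(token) >= 4 and token in squashed:
            problems.append("contains personal information")
            break
    return problems


if __name__ == "__main__":
    for candidate in ("Myfavouriteseasonissummer", "Password123"):
        print(candidate, "->", check_password(candidate) or "ok")
```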
Use a password manager
Password managers are a fantastic tool that everyone should use. Some examples of these include Bitwarden and 1Password.
Consider all these benefits:
- You only need to ever remember one password - the password to your vault.
- The password manager can generate random passwords and store them securely.
- It auto-fills your login credentials on websites requiring authentication.
- It performs a "health check" on your passwords and highlights weaknesses.
- It helps to detect fake login sites.
It can be daunting in the beginning, but once you get the hang of it, you will wonder how you ever managed without it!
Use multi-factor authentication (MFA)
Multi-factor authentication (MFA) adds an additional layer of account security by requiring two or more pieces of information to gain access to our data and systems.
You are encouraged to opt in to MFA whenever possible, as it is a very effective way to prevent identity theft.
Click here to read more about setting up MFA.
Register your emails with "Have I Been Pwned"
Have I Been Pwned is a free service that can tell you if your email address has been involved in past known data breaches.
You can also register your email address and be notified when data breaches of services/accounts associated with your email become public.