Identity and Access

Passwords

Strong passwords help keep your accounts safe.
  • A longer, simpler password is better than a hard-to-remember short one: The opposite was a common misconception for years, but it's much easier for a machine to cycle through all the possible combinations of a short password, regardless of the characters used, than those of a longer password or passphrase. Shoot for at least 12 characters.
  • Use a unique password for each account: It's common for attackers to check a known password against other sites.
  • Avoid using similar passwords between accounts: For example, passwords that differ only by a single discernible word, like I<3dogs4eva on one site and I<3cats4eva on another. It's common for attackers to try these word swaps, substitute a character, or add a 1 to the end of a password.
  • Don't use personal information in your passwords: Personal details might make a password easy to remember, but they're also easy for someone else to figure out or to find by trawling your social media sites.
  • Treat security questions as additional passwords: Never answer them truthfully. There have been several high-profile cases of an attacker successfully guessing the answers to the victim's security questions and using that to get access to their account.
  • Avoid weak, commonly-used passwords: Some common examples are Password1, Temp!, or asdf123. Have I Been Pwned can help you determine if a particular password was already part of a breach.
  • Use a password manager: This software will help you keep track of all these passwords and help generate new secure passwords. LastPass Enterprise is a "UW CISO-approved browser-based password management tool," but there are free versions of it and of its competitors (e.g. 1Password or Dashlane). Don't like the idea of a password manager service, and want to make and manage your own password vault? You could also use KeePass to create a password vault on a cloud drive for similar basic functionality.
  • Use multifactor authentication: Adding an additional factor, like a fingerprint or a one-time token generated on your phone, creates an additional layer of security around your account. These additional factors are typically easy for you to produce, but infeasible for someone else trying to get into your account (unlike a plain password). You should turn on multifactor authentication whenever you can!
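
The length, reuse and near-reuse rules in the list above can be checked mechanically. The following Python audit is an added example, not part of the original page: the function names, the 0.7 similarity cutoff and the sample vault are assumptions, while the 12-character minimum and the weak and look-alike passwords are the ones quoted in the list.

```python
import difflib
import itertools
import math
import string

MIN_LENGTH = 12                            # the page's "at least 12 characters"
WEAK = {"password1", "temp!", "asdf123"}   # the page's weak examples, lowercased
SIMILAR = 0.7                              # assumed similarity cutoff (0..1)
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)

def search_bits(pw):
    """log2 of the exhaustive-search space for pw's length and character classes.
    Upper bound only: it ignores dictionary and pattern-based guessing."""
    pool = sum(len(c) for c in CLASSES if any(ch in c for ch in pw))
    return len(pw) * math.log2(pool) if pool else 0.0

def similarity(a, b):
    """difflib ratio, 2*matched/total characters, case-insensitive (1.0 = same)."""
    return difflib.SequenceMatcher(None, a.lower(), b.lower(), autojunk=False).ratio()

def audit(vault):
    """Return sorted (issue, accounts) findings for an {account: password} mapping."""
    findings = []
    for account, pw in vault.items():
        if len(pw) < MIN_LENGTH:
            findings.append(("short", (account,)))
        if pw.lower() in WEAK:
            findings.append(("weak", (account,)))
    for (a, pa), (b, pb) in itertools.combinations(sorted(vault.items()), 2):
        if pa == pb:
            findings.append(("reused", (a, b)))
        elif similarity(pa, pb) >= SIMILAR:
            findings.append(("similar", (a, b)))
    return sorted(findings)

# Constructed sample vault; the two I<3... values are the page's own example.
SAMPLE = {
    "bank": "maple-river-sofa-kite",
    "forum": "I<3dogs4eva",
    "shop": "I<3cats4eva",
    "old-mail": "Password1",
    "wiki": "Password1",
}

if __name__ == "__main__":
    for issue, accounts in audit(SAMPLE):
        print(f"{issue:8} {', '.join(accounts)}")
    print(f"{search_bits('Xq7$mB2!'):.0f} vs {search_bits('maple-river-sofa-kite'):.0f} bits")
```

The last line compares an 8-character password using every character class with the 21-character passphrase, which shows the length argument from the first bullet in numbers.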

Social Media

Social media platforms are an integral part of our online presence. They create new opportunities for communication and collaboration, keep us in touch with friends and family, and let us share personal information. However, those connections and that information can also be used against you.
  • Privacy Settings: Anonymity and privacy are in a constant state of flux in the world of social media. It's important to learn about and use each social network's security settings, and revisit them occasionally. Try to be as conservative as you can.
  • Keep personal data personal: Be cautious of how much personal information you post online. The more you post, the easier it is for someone to steal your identity, access your data, or stalk you.
  • Posts tend to live forever: Posts and comments may still be found via search engines years after they are posted. Take a moment to think about that picture you're about to post, or that heated comment, and how it will reflect on you to others (like future employers).
  • Know who your friends are: There's a certain allure to gathering as many friends as possible, but also consider that you don't necessarily have to share everything with everyone. Also, take a minute to investigate that long-lost friend to make sure they are who they say they are, and not someone just trying to jump a privacy barrier.