
Passwords and How to Care for them

Password Care - Information Exposure

Are you a Lancer Team Player?

Scenario (Information Exposure):

You are tagged in a post on social media, asking you to respond to a series of fun questions about yourself, and to share it to your wall, tagging others, and the person who tagged you. 

Questions you might ask yourself before sharing the information:
  • Who is going to see this information?
  • How personal is it?
  • Have I used any of these answers in security questions to protect accounts?
  • Do I really want to publish this much information about me, what I’m interested in, and where I go? 

While fun and a way to connect with your friends on social media, these surveys reveal a lot of information about yourself. The details are often like what is used for security questions or identity verification. Publishing this data makes it easier for someone to impersonate you.

Recommended Response

Ignore the tag and do not respond.

Be a Lancer Team Player

A Lancer Team Player is someone who thinks about the cybersecurity implications of a situation and takes appropriate action to safeguard accounts, information and research, and computing resources. It’s the digital equivalent of looking both ways before crossing the street. A Lancer team player pauses to stop, think, then clicks only if appropriate.

Many users have a false sense of security, believing that technology solutions such as passwords, anti-virus, and network firewalls protect them from the evils of the Internet. Technology cannot protect against everything, so online users also need to act like a firewall.


Twin Pillars of Password Maintenance

There are two fundamental password practices for securing our personal and work lives from hackers:

  • Use unique passwords for every Web site or system that you use. Never re-use your work password on your social media sites, or your banking password on shopping sites. Make sure each password is really distinct from the others, and not just a variation on some common theme.
  • Change your passwords regularly, not only at work, but in your personal life as well. Make each new password unique, so that it can't be guessed from your old one. That way, it won't matter if your old password ends up in the wrong hands.

In a recent report, 81% of hacking-related breaches leveraged stolen and/or weak passwords [1].

Keeping passwords unique limits the scope of compromise if someone gets into your account, and changing your passwords regularly prevents a new hacker from re-using your password if it gets shared on the Internet.
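
What "a variation on some common theme" looks like in practice, as an added example that is not part of the original page: this Python sketch reduces each password to its underlying theme and flags accounts whose passwords share one. The substitution table, the 0.8 similarity threshold, and the sample passwords are constructed assumptions.

```python
import re
from difflib import SequenceMatcher
from itertools import combinations

# Assumed table of common look-alike substitutions (not from the page).
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s",
                      "7": "t", "@": "a", "$": "s", "!": "i"})

def theme(password: str) -> str:
    """Reduce a password to the base word(s) it is built around."""
    core = password.lower()
    # Drop digits and symbols padded onto either end (years, counters, "!").
    core = re.sub(r"^[\W\d_]+|[\W\d_]+$", "", core)
    # Undo look-alike substitutions, then discard anything that is not a letter.
    return re.sub(r"[^a-z]", "", core.translate(LEET))

def is_variation(new: str, old: str, threshold: float = 0.8) -> bool:
    """True if `new` is the same theme as `old` with cosmetic changes."""
    a, b = theme(new), theme(old)
    if not a or not b:              # no letters at all: compare literally
        return new == old
    if min(len(a), len(b)) >= 4 and (a in b or b in a):
        return True
    return SequenceMatcher(None, a, b).ratio() >= threshold

def find_reuse(passwords: dict) -> list:
    """Return sorted account-name pairs whose passwords share a theme."""
    return [(x, y) for x, y in combinations(sorted(passwords), 2)
            if is_variation(passwords[x], passwords[y])]

# Constructed sample values, for illustration only; never store real
# passwords in plaintext like this.
SAMPLE = {
    "work": "Lancer2023!",
    "social": "l4ncer#2024",
    "bank": "correct-horse-battery-staple",
    "shop": "Tq7!vRz2#kLm9pXw",
}

if __name__ == "__main__":
    for x, y in find_reuse(SAMPLE):
        print(f"{x} and {y} use variations of the same password")
```

Here the work and social passwords both reduce to the same base word, so a leak of either one makes the other easy to guess.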

Additionally, do not use passwords that are obvious, such as those in the following graphic [2].

[Graphic: 20 years of worst passwords]

What's at stake if we don't care for our passwords?

  • Almost every month, there's a news story about millions of passwords being leaked online from organizations, social media sites and other online services. Only a few years ago, 167 million LinkedIn passwords were posted online for public download.
  • If a hacker ever discovers your campus password, they can impersonate you in Blackboard, UWinsite Student, and other core campus systems; they can access your pay-slips, Social Insurance Number, and tax information; they can use your email address to attack your colleagues with viruses and phishing attempts.
  • In personal life, it can take years to recover from the effects of identity theft. Not only do many victims find their credit ratings destroyed, but their emotional health and family relationships often suffer as well.

Password Managers can help

To make easy work of managing your passwords, we recommend using a password manager program, such as KeePass. Password managers keep your password list secure, and make it easy to choose new, strong passwords. We have a knowledge base article on using KeePass at uwindsor.ca/keepass.

Multi-factor authentication (MFA):
Your Phone is the Key

One of our campus-security initiatives is multi-factor authentication or MFA. With MFA activated on your account, you'll need two or more pieces of information to unlock your account:

  1. Your UWin Account ID and password, as always; and
  2. A secondary authentication challenge. The recommended practice is to use the Microsoft Authenticator, an app installed on your mobile device that will ask for the number displayed and will also show the location of the login attempt. Having a code sent by text message to your mobile phone is also available, but doesn't provide the security of the Authenticator app. More on second-factor authentication.

Even if a hacker knows your password, it's not enough to let them into your account. Unless they also have your MFA device (usually, your mobile phone), there's no way for them to get in.

For more information about MFA or to sign up, visit uwindsor.ca/multifactor.

Say Hello to Windows Hello

Streamline your sign-on process with Windows Hello if you have a computer with a Trusted Platform Module (TPM). You can set up a PIN on your workstation to sign in to Windows instead of using your password, or you can choose a biometric option if it's available on your device. See how to set it up with the Windows Hello knowledge base article.

You’ve got a friend in cybersecurity!

IT Services is always happy to answer questions about passwords and security. Good password maintenance benefits everyone, and it’s our job to help you keep your work life, and your personal life, safe from attack. Don’t hesitate to ask us for help!

We're here to help!

IT Services is happy to answer questions about cybersecurity on campus: ext. 4440 or open a ticket for service here: uwindsor.ca/itshelp. More information on cybersecurity issues facing campus: uwindsor.ca/cybersecurity

 

Sources

[1] https://www.verizon.com/business/resources/reports/2023-data-breach-investigations-report-dbir.pdf

[2] Top 10 Worst Passwords - 21 year history easy to hack (e-janco.com)

Password Care

Having a weak password is almost worse than having no password at all! A weak password gives us a false sense of security, while exposing us to all kinds of risk. Good password maintenance is a critical part of keeping our work, and our personal lives, safe from attack. Using a Password Manager application can take the grunt-work out of creating and memorizing good passwords.