Using and maintaining strong password practices is an essential part of cybersecurity, both for protecting the confidential data that you access as part of your job at RIC, and for protecting your own personal confidential data.
Key reminders of password security:
- Never give out your passwords to anyone. The RIC IS Department staff will never ask you for your RIC network password or other personal passwords. If you are ever asked by someone for your RIC password, do not reveal your password and then report the incident to any member of the Security Incident Response Team (Tim McKula, Leyla Erkan, Elizabeth Hills, Rick Marzek, or Mark Thomas).
- Never use your RIC network password for any non-RIC system. For example, don’t re-use your RIC network password for your personal email account or access to your online bank account. While maintaining multiple passwords can be challenging, re-using your RIC network password in a non-RIC system puts the security of your RIC network account at risk if that non-RIC system is compromised by a security breach.
- For your personal passwords (e.g. gmail, yahoo, banking, netflix, etc), use a password manager such as Dashlane, LastPass or Apple’s iCloud keychain service. These services allow you to store and maintain separate and complex passwords for each website or Internet service that you use. Using a password manager significantly reduces the risk of your personal information being compromised.
- Use false but memorable answers for website password recovery questions. Your mother’s maiden name is discoverable in a matter of minutes as is your birth city, high school name, etc. If you enter easily discoverable facts about yourself into a website’s password recovery tool, a hacker can easily reset your password and access your personal information.
Read in detail RIC’s Administrative Policy on Information Security Incident Response.
For the new year, commit to taking time to change your passwords so they are stronger and you are less likely to be targeted and your information compromised.