Cybersecurity Awareness Month: practise good password protocol

News | Posted on Friday 25 October 2024

From Facebook or Instagram, online banking apps, work emails and even sensitive research data, all of us rely on passwords to protect both our personal and professional private information.

A compromised password can lead to identity theft, financial loss and reputational damage for individuals and organisations such as the University.

Following good password protocol is a crucial part of making sure this information is kept safe:

  • Choose a strong password. IT Services have a set of guidelines for choosing password, they must be between 9 and 72 characters and contain a mix of upper and lower case letters and at least one number or punctuation symbol. Read more about choosing a strong password
  • Don’t repeat passwords. Having the same or similar passwords for all your accounts or services means that if one is compromised, hackers could use it to try and access your other accounts. When people repeat passwords they often rely on easy to remember ones which are easier to crack.
  • Never share your University passwords. Nobody in IT Services will ever ask you to reveal your passwords either in-person, on the phone or by email and you shouldn’t share them with anyone else.
  • Store passwords properly. Never store unencrypted passwords in apps, documents, or spreadsheets. Unencrypted passwords can be seen whenever the app, document or spreadsheet they are kept in is open. It also means they can be read by anyone who glances at your screen or in the event that someone manages to access the account where your passwords are stored. Instead, use a password manager. Password managers are websites or apps which securely store your login credentials as well as allow you to safely share passwords to services and accounts which multiple people need access to. At York we use the password manager LastPass, everyone at the University can request an account in LastPass, to request one please contact IT Services