- Create a strong password that:
- Is at least 8 characters long
- Does not contain your user name or real name
- Does not contain a complete dictionary word
- Does not contain personal information, such as birthdates, names of family members or pets
- Is significantly different than previous passwords
- Contains uppercase letters, lowercase letters, numerals, and symbols
- Change your passwords often - Changing your password often limits how long a compromised password can be useful. If your password is compromised and you are unaware of the unauthorized access, hackers can access your account until your next password change. Change your password immediately if you think it may have been compromised and notify security@kent.edu.
- Use a Password Phrase - Having a password phrase makes it easier for you to remember your password without making it easier for somebody to guess or hack.
- Unique Account, Unique Password - Have a unique password for each account. This way, if someone gets one of your passwords, they won't have access to all of your accounts.
- Check for a Secure Connection - Don't log into important accounts (such as online banking or email) when you are not on a secure connection. Places that offer free wifi often aren't secured, which means that other people can be watching your traffic and grabbing your password. Check that your websites are secured with HTTPS and wifi connections are secured with WPA2. If no secure networks are available to you, consider using Kent State's Virtual Private Network (VPN)
- Beware of Keyloggers - malicious software known as Keyloggers can steal your password.
- Don't Share Your Password - You are responsible for what happens under your username and password. For more information see Kent State's policy
- Do Not Write Your Passwords Down - If you have trouble remembering your passwords, look into password managers such as LastPass or 1Password
- Beware of Phishing Attempts - Do not reply to emails that ask you to submit your password
While mobile devices such as laptops, phones, USB flash drives, etc are convenient and allow data to be more accessible, they also come with a risk. If the device is lost or stolen, you can lose your data. Any private data on the lost or stolen device is at risk of becoming public, potentially exposing any client or employee data that might be stored on the device and exposing them to the risk of identity theft.
Tips And Best Practices
- Always lock your computer and mobile phone with a password or passcode, and never share your computer with others
- Always lock your room room/office whenever you’re away
- Never leave your computer or mobile device(s) unattended in public areas, even for a few minutes
- Don’t leave your devices in an unlocked vehicle, and never leave it in plain sight, even if the vehicle is locked
- If you must leave your devices in a vehicle, the best place is hidden in the trunk
- Carry your devices in a nondescript carrying case, briefcase, or bag when moving about
- Apply distinctive paint markings (such as indelible markers) to make your laptop unique and easily identifiable
- Only place sensitive information on a mobile device if it is absolutely necessary
- If you must store sensitive information on a mobile device, consider using encryption, a way of scrambling the data so that only somebody with the appropriate key can read it
- Back up your information using cloud-based storage or on portable media such as a flash drive or other backup media
- Protect yourself on public wireless networks
- Turn off your wireless and location information
- Avoid accessing sensitive accounts, such as your banking or credit information, while on public networks in order to prevent anyone from gaining access. If you need to log onto sensitive accounts, log onto Kent State University’s VPN to use a protected wireless network
Don't know how to connect to Kent State University's secure VPN?
What to Do if Your Device Has Been Stolen
The user will need to report the theft to the police. In order to file a complete report, the user will need to have the make, model, and serial number of the stolen device. If the user does not have this information, they can contact the device manufacturer.
If the theft occurred on a Kent Campus:
- Kent State University Police Department
- 330-672-2212
- Stockdale Building
- 530 E. Summit St. Kent OH 44242
If the theft occurred in Kent, Ohio:
- Kent City Police Department
- 330-673-7732
If the theft occurred elsewhere:
- The user needs to contact their local police department
Suggestions:
- If you had any sensitive information on the device (such as credentials for accounts, personally identifiable information, financial information, etc.), it is recommended that you change your passwords as well as request your accounts to be flagged/monitored.
- If the device has any work or client information, the your employer and/or client should be notified immediately.
- Contact the device manufacturer so that they can make a note that the device has been stolen in case the thief tries calling support.
Having a password phrase makes it easier for you to remember your password without making it easier for somebody to guess or hack.
When coming up with a password, people tend to prefer lower case letters over upper case, letters over numbers, and numbers over special characters. People also tend to put numbers and symbols at the end of the password. Hackers know these tendencies, and that makes it even easier for them to crack passwords. Hackers even know the common tricks, like substituting the letters "o" and "i" for the numbers "0" and "1".
A password cracker program can be used to guess your password by trying millions of combinations of numbers, letters, and special characters per second. It will try words, numbers, special characters, and combinations of those together. Depending on the power of the computer, a five character password that is all lower case letters with no numbers or special characters can be cracked in minutes. A five character password with lower case letters, upper case letters, numbers, and special characters, can be cracked in days.
There are two common approaches to password phrases: stringing random words together into a phrase, and taking the first letter of every word in a phrase.
First Letter of Every Word
This is technically the weaker of the two methods (but is listed first because it helps prove a very strong point later on). For this method, you create a phrase that is easy to remember. It can be something personal about you, lyrics from a song, etc. Then, you take the first letter from each word and keep punctuation.
The passphrase:
Kent State University is the number one university in Ohio. Go golden flashes!
Becomes the password:
KSUit#1uiO.Ggf!
Stringing Words Together
The second method involves stringing random words together. This method is the stronger of the two because of the sheer length of the password.
Lets say I take four words from the passphrase used above:
Kent number Ohio flashes
The password becomes:
KentnumberOhioflashes