Passwords

From an email circulated by the Anderson School:

SHARED PASSWORDS

Employees often have what seem to be good reasons for sharing a password. Password sharing makes it easier for multiple users to access a team account. Leaving a password on a sticky note under a keyboard allows a co-worker to log in to a business account in an emergency when the owner is out of the office. Managers share passwords so they can delegate tasks. Nevertheless, however well-intended, password sharing is a substantial security threat to Anderson.

NEVER SHARE YOUR PASSWORDS WITH OTHERS Password integrity is one of the foundational elements of security practices here at Anderson. Password sharing is a violation of UCLA Policy 403.* Additionally, it is a violation of UCOP Standard SC-0010.** Passwords are access keys that help to prove you are who you say you are, and help to ensure your privacy. Compromised passwords provide access to systems for unauthorized personnel.

Here are other ways to help make your digital life more secure.¹ Use different passwords for different accounts. That way, if one account is compromised, at least the others won’t be at risk. Use multi-factor authentication (MFA). Even the best passwords have limits. Multi-Factor Authentication adds another layer of protection in addition to your username and password. Generally, the additional factor is a token or a mobile phone app that you would use to confirm that you really are trying to log in. Length trumps complexity. The longer a password or passphrase is, the better. Strong passwords/passphrases are 10-64 characters in length. Make passwords that are hard to guess but easy to remember. To make passwords easier to remember, use sentences or phrases. For example, “breadandbutteryum”. Some systems will even let you use spaces: “bread and butter yum”. Avoid single words, or a word preceded or followed by a single number (e.g. Password1). Hackers will use dictionaries of words and commonly used passwords to guess your password. Don’t use information in your password that others might know about you or that’s in your social media (e.g. birthdays, children’s or pet’s names, car model, etc.). If your friends can find it, so will hackers. Complexity still counts. To increase complexity, include upper and lower case letters, numbers, and special characters. A password should use at least 3 of these choices. To make the previous example more secure: “Bread & butter YUM!” === *http://www.adminpolicies.ucla.edu/APP/Number/403 **https://security.ucop.edu/files/documents/policies/account-and-authentication-management-standard.pdf