Passwords

Would you drive in a car without a seatbelt?

Would you walk down a dark alley in a dangerous city?

Would you give a key to your house to everyone in your neighbourhood?

If the answer is no, then you must apply the same perspective to visiting websites and managing passwords.

Online systems are constantly under attack from criminals around the world.

The College network and services employ many precautions and security measures. However, if you have a weak password, or if someone else knows your password, you are an easy target for a criminal who wants to use your account to get past those security systems and gain unauthorised access to your identity and all of the information you have access to. This applies not only to your College account, but to every online service you use.

You may think that you have nothing of value to an online thief. But your identity in itself is invaluable and can be used to spy on or extort your family, other people or businesses.

What should you do?

1. Understand what makes a good password

Understanding passwords

The Check Out - Passwords

ABC has a consumer affairs show called The Check Out. They aired a segment aimed at explaining the various concepts and practices surrounding good password management.

The video explains the concepts well, with one omission: Two Factor Authentication.

Two Factor Authentication links your mobile phone number to an account so that you are sent a one-time code for certain actions, such as logging in or transferring more than a certain amount of money.

Where possible you should always enable Two Factor Authentication.

A brief history of bad passwords

A Lightning Talk from Kyle Rankin, Purism chief security officer.

This talk covers the introduction and evolution of passwords, along with the matching evolution of the weaknesses in how they are used.

Mandated password policies don't work because they don't consider how people use passcodes in real life—but attackers do.

2. Set a strong password on your St Scholastica’s College account.

A strong password is really a passphrase. The longer a passphrase is, the harder it is for an attacker to guess. We suggest using four or five random words with spaces in between. This is a lot easier to remember and type than the typical "P@55w0rd" style formula, and it is much, much more secure.

Making a secure passphrase is easy: pick four random words and include spaces. For example, "Amazing Rhubarb Detective Feline".

Don't use names, birthdates, nicknames, or pets' names.

Password crackers know that a typical password is letters + numbers + special characters, e.g. secret88!! Avoid these types of passwords and use a passphrase instead.
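As an added illustration (not part of the College's page), the short Python script below generates a passphrase the way described above, using a cryptographic random source, and estimates how many guesses each style of password forces on an attacker who knows the pattern. The word list and the dictionary, digit and special-character sizes are constructed assumptions.

```python
import math
import re
import secrets

# Constructed sample word list for demonstration only; a real generator
# should draw from a list of thousands of words (e.g. a diceware list).
WORDS = [
    "amazing", "rhubarb", "detective", "feline", "lantern", "pickle",
    "granite", "saddle", "meadow", "trumpet", "walrus", "copper",
    "ribbon", "glacier", "pumpkin", "orbit",
]

def make_passphrase(words=WORDS, count=4):
    """Pick `count` random words and join them with spaces.

    secrets.choice is a cryptographic random source; random.choice is
    predictable and must not be used for passwords."""
    return " ".join(secrets.choice(words) for _ in range(count))

def guess_bits_passphrase(word_count, wordlist_size):
    """Search space of a random passphrase: each word is an independent
    pick, so an attacker must try up to wordlist_size ** word_count."""
    return word_count * math.log2(wordlist_size)

def guess_bits_typical(dictionary_size=50000, digit_count=2, special_count=32):
    """Search space of the 'word + digits + special' pattern (e.g. secret88!!)
    for an attacker who knows the pattern: one dictionary word, some digits,
    then one repeated special character. The sizes are illustrative guesses."""
    return (math.log2(dictionary_size)
            + digit_count * math.log2(10)
            + math.log2(special_count))

def looks_like_typical_pattern(password):
    """True for the letters + digits + specials shape warned about above."""
    return re.fullmatch(r"[A-Za-z]+\d+[^\w\s]*", password) is not None

if __name__ == "__main__":
    print("Generated:", make_passphrase())
    print(f"4 words from a 7776-word list: {guess_bits_passphrase(4, 7776):.1f} bits")
    print(f"secret88!! style pattern:      {guess_bits_typical():.1f} bits")
    print("secret88!! matches the typical pattern?",
          looks_like_typical_pattern("secret88!!"))
```

With a 7776-word list, four random words give about 51.7 bits of guessing work, while the word + digits + special pattern gives only about 27 bits, even though "secret88!!" contains mixed character types.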

3. Set long, unique passwords for all services you use, including your laptop.

Always use a different password for different things and never re-use a password. Why? Let's say you use a passphrase for your school account and then use the same passphrase with your school email address on an online shop. If the online shop gets hacked and its user data is leaked on the internet (this happens all the time, even to big companies like Yahoo!) criminals can sign in to your school account and act as though they are you.

Check your email addresses at https://haveibeenpwned.com to see if they have been involved in a known data breach. If one of your addresses has been affected, change your passphrase for that account immediately. If you have used that passphrase elsewhere, set a unique one there too.

Also be sure to set a good password for your laptop and other devices. If you have a simple password that is easy to guess, or that people can see you entering, that password becomes the gatekeeper for all of your other services: anyone who knows it can sign in to your device and use any passwords it has remembered.

4. Use a password manager

A password manager solves the problem of creating and remembering many strong passwords.

Other things to do

Set strong, unique passwords for all other services you use, both personally and professionally.

Always use a different password for different things and never re-use a password. Why? If you use the same password for an online shop that you use for your College account and the shop's login data is hacked, the attackers can then get access to your College account, along with all the data it has access to.

Use a password manager to keep track of all of them.

Check if your email address has been involved in a hack.

You can check whether your email addresses, both College and personal, have been involved in an online breach:

Go to https://haveibeenpwned.com and enter your email addresses to see if they have been involved in a known data breach.

Never leave your laptop or phone unattended.

Personal electronic devices are a treasure trove of sensitive information.

Always lock your laptop screen when you're not using it: press the Windows key + L to instantly lock your screen.

Never leave your laptop unattended outside the toilets, in a carpark or even on your desk near a door.

If you notice something suspicious with your account, notify the IT Department immediately.