Tag Archives: Identity and Access Management

Tip #16 Tips for a Strong, Secure Password

Image: Threats and Attacks Against Your Network, Aries Institute of Technology

Yesterday’s Tip #15 mapped out the perils of sharing your password and why it’s important to have a robust and different password for each of your accounts. Today, we offer some tips for creating a strong, secure password.

  1. Don’t use one password across multiple accounts. It’s possible that an employee at a site where you use that password could share it or use it to break into your accounts at other sites.
  2. Create passwords that are at least 8 characters long. The longer the better; lengthier passwords are harder for thieves to crack.
  3. Avoid using simple dictionary words. If it’s in the dictionary, someone might guess your password. There’s even software that criminals use to test for real words used in passwords.
  4. Infuse numbers, capital letters and symbols into your password. Consider using a $ instead of an S or a 1 instead of an L, or including an & or %. Note that “$1ngle” is NOT a good password. Password thieves are onto this. But something like “Mf$1avng” (short for “My friend Sam is a very nice guy”) is an excellent password.
  5. Don’t post your password out in the open. This might seem fairly obvious, but studies show that many people post their password on their monitor with a sticky note. Not a good idea! If you feel that you must write your password down, hide the note somewhere where no one can find it.
  6. And of course, never tell anyone your password. Never give it to friends, even if they’re your best friends. A friend might – perhaps even accidentally – pass your password along to others or become an enemy and abuse it.

Our website has more details about Fordham University’s password policies and guidelines.

By Nicole Kagan, Fordham IT News Editor

Tip #15 Your First Line of Defense: Strong Passwords

Image: "Knights in Shining Armor," Pascal, Flickr.

Your workout buddy, Fred, tells you his Facebook account is acting glitchy. He wants to look up this month’s schedule of classes at Crossfit on Facebook, so he asks if he can use your account on his phone.

“Sure,” you say. You’ve forgotten that you only met Fred last month. But you feel like you’ve known him forever. He seems like a nice guy. “Easy as pie,” you tell him. “It’s ‘apple123,’” you say while you type next to the blinking cursor. “Thanks, Bud!” says Fred.

Fast forward to the next morning. You’re at Starbucks, and your first cup of coffee is only a gulp away. Except you’re staring at “insufficient funds” on the card swiper. Turns out, while you were sleeping, your buddy, Fred (later you’ll discover his name was not Fred), hacked into your bank account last night. It was easy to do, since you use the same password for everything.

Even though it’s tempting to use a single password that’s easy to remember, that won’t do you any good against hackers, who are pretty smart when it comes to figuring out easy passwords–and even more difficult ones.

A strong password is your first line of defense against intruders and imposters. Using a different password for every site you visit is an equally strong line of defense.

To be safe, make sure your password uses upper and lower case letters, numbers, and special characters. Change it often, too. At Fordham University, we want you to be careful, so we require everyone to change their AccessIT ID password every 180 days. Read more about Fordham’s password policies and guidelines.

 

Tip #14 First It Was Phishing, Now It’s Smishing

Example of a phishing text and how the consumer handled it using Twitter.

On another (very important) note, a further phishing technique lures consumers with text messages containing URLs and phone numbers. Such a message usually asks for one’s immediate attention and requires one to respond or click on the URL.

Oftentimes, the message will come from a “5000” number instead of an actual phone number. This indicates the text message was sent via email to one’s cell phone, rather than from another cell phone.

So don’t turn into another stolen cell phone statistic. Or a consumer who’s been tricked. Regardless of what you’re doing, make sure your cell phone is secure and keep an eye out for odd, seemingly “phishy” text messages.

If you think you’ve received a phishing message, contact IT Customer Care immediately: 718-817-3999 or HelpIT@fordham.edu.

Read more about cell phone safety in Tip #11.

 

Tip #9 Think Twice (Or Thrice) Before You Post

Image: Charles Clegg, Flickr

Always remember: there is no permanent “delete” button on the Internet. Once you’ve posted information about what you’re doing or where you’ve just been, it’s easy for attackers to seize your personal information and take advantage of you. Even if you’ve deleted your post, chances are someone saw your information, and that it’s circling somewhere on the web.

Search engines like Google and Bing, for example, make a copy of every single webpage, which they then index, essentially freezing those pages in time unless they’re refreshed by your browser. Archival services like the Internet Wayback Machine take snapshots of as many sites as they can for research purposes, and the Library of Congress receives regular archival copies of the entire public Twitter universe. Every single Tweet!

Be aware that once you post, people might be able to target you, even if you’ve deleted something from a social media site. Thieves could know that you’re out of town and rob your empty house, or they might choose to snag information off the boarding pass photo you just posted and deleted on Instagram.

So long story short, think twice before publishing sensitive information on the web. Make sure that what you’re posting won’t allow someone to take advantage of you.

Resource: The Internet Doesn’t Have a Delete Key.

 

Tip #6 How to Hide Behind Your Screen Names


John_Smith. Fordham_Baby_Girl. Tatiana19. Fordham_QB_52

When selecting a screen name, avoid a name that might identify you. Even an identifier that partially reveals who you are, like some of the examples in the list of screen names above, can be combined with other online information about you. Together, that information might lead someone to discover your identity.

Use different screen names for different applications; it makes it more difficult for strangers to stalk you. Be safe and smart when you’re online! Choose a screen name that won’t reveal who you are or potentially embarrass you around relatives, future employers, or school admissions officials.

Read WikiHow’s article on choosing a safe screen name.

Image credit: DHGate, DIY Hand Painted Halloween Masks

Fordham IT Implements a New Password Expiration Initiative

Did you know that your AccessIT ID password is an integral aspect of Fordham IT’s online security program? Your password adheres to certain rules that make it complex enough to thwart the potential theft of sensitive information accessed through your Fordham account.

Passwords are often stolen when individuals accidentally respond to fraudulent requests for personal information. This is called a phishing attack and is the most common way for credentials like passwords and credit card information to be stolen. Sophisticated hacking techniques can steal many passwords at one time from large institutions. A password is not just an institution’s first line of defense against a cyber attack. It may also be the weakest link.

A victim of password theft might not discover that their password was stolen because it may not be used immediately. When a stolen password is used, however, it can wreak havoc on the lives of those affected and damage an institution’s reputation. That’s why changing passwords every now and then helps to limit the amount of time a stolen password remains useful.

To help keep personal information and other sensitive data as secure as possible, Fordham IT has implemented the Password Expiration Initiative. All AccessIT ID passwords are set to expire in Spring 2014 unless they are changed by individual users beforehand. Changing your password takes less than two minutes. Once you change your password, it will be set to expire again, in 180 days. (Be advised that the first time you attempt to access your Gmail from a mobile device after changing your password, you will be prompted to enter your new AccessIT ID password.)

Everyone is responsible for protecting Fordham’s systems. The Password Expiration Initiative is an important way for individuals to do their part and help Fordham IT fulfill its commitment to ensuring the online security of the entire campus community.

Please remember that Fordham IT will NEVER request passwords or other personal information via email. Messages requesting such information are fraudulent and should be reported to IT and then deleted. Fordham IT is committed to maintaining the integrity of the university’s online resources.

We can tell you more about the Password Expiration Initiative!

Visit our website http://www.fordham.edu/PWExpire to learn about

  • Town Hall dates and locations
  • Instructions for changing your password
  • Password complexity rules

Follow us on Twitter: @FordhamSecureIT

Coming Soon – More AccessIT ID Services to be Enabled

Scheduled for September 14th, 2009

  • Students will be able to use their AccessIT ID to access their Fordham Student e-mail.
  • The University community will be able to log in to the VPN (vpn.fordham.edu) with their AccessIT ID.
  • Cisco Clean Access will be integrated to use your new AccessIT ID.

Student E-Mail Integration with AccessIT ID – Coming Soon

Coming soon to AccessIT ID… Student/Mirapoint e-mail. Visit fordham.edu/accessit for more information and to sign up for alerts.

Blackboard Integrated with AccessIT ID

In our continuing efforts to streamline access to technology services, as of August 7th, 2009, Blackboard has been integrated with your AccessIT ID. All Fordham community members will be required to use their AccessIT ID and associated password to log into Blackboard.

Legitimate Email from Fordham IT (AccessIT ID Password Expiration)

The following is a real message from Fordham IT informing you of a pending password expiration of your AccessIT ID. The email will be sent to your Fordham e-mail address from the account infosec@fordham.edu. The email will be addressed to your full name, First and Last name, as recorded in the University’s system of record. If you have any questions or concerns about this email’s legitimacy, please feel free to contact the University Help Desk at (718) 817-3999 or via email: helpdesk@fordham.edu.

To: your_e-mail_address@fordham.edu
From: infosec@fordham.edu
Subject: Your AccessIT ID Password Is Expiring

Dear Last Name, First Name:

You are receiving this message because your AccessIT ID password is
about to expire on XX/XX/20XX. Please go to the Fordham University
portal to initiate your password change. Once the password expires you
will be unable to log in. If your password does expire you can still reset
your password using the instructions below.

Password has not yet expired:

1. Manually type the following URL into a web browser:
portal.fordham.edu
2. Click the link "Manage Your AccessIT ID"
3. Log in to the Fordham Identity Manager with your current AccessIT ID
and password
4. Click "Change Password"
5. Enter a new password as instructed and click "Continue"

Password has already expired or you forgot your password:

1. Manually type the following URL into a web browser:
portal.fordham.edu
2. Click the link "Having problems logging in? Click here."
3. Click the link "3. Forgot your Password?"
4. Enter your AccessIT ID and click the Submit button
5. Enter the answers to your previously defined challenge questions and
select Login
6. Enter a new password as instructed and click "Change Password"

Should you feel you have received this message in error, please contact the
University Help Desk at 718-817-3999 or via e-mail to:
helpdesk@fordham.edu to assist you.

For more information about this password change requirement, please visit
the Fordham University IT Security Web Site: www.fordham.edu/itsecurity

Please note that whenever you change your password, the expiration period
is reset for another 90 days. This means that you must go through this
process within 90 days from each password reset.

Thank you,
Shannon Ortiz
Fordham University Information Security Office
Director of IT Security

**** This e-mail has been auto-generated. Please do not respond. ****