Diversify your risk by using different passwords in different places. Don't use the same password for all your accounts. Use your strongest passwords on your most important accounts. Change your passwords regularly.
Defend your email. Your email account is the crown jewel of your online identity. Password resets, bank statements, personal details, and creative phishing scams are available to anyone who can read your email. The best way to protect your email is to use two-factor authentication. In your Google account settings, choose "manage security" to turn on "2-step verification."
Make a Strategy
Plan a security strategy so that you can keep track of many strong passwords. Different strategies work for different situations. For example, if you have a computer in a locked room, then it is OK to let the computer remember your passwords. If you keep papers in a locked room, then it is OK to write your passwords down on one. Don't carry passwords in the same bag as your computer or smartphone. If you keep a list of passwords in a spreadsheet, use an encryption tool and don't name the file "passwords." Know how to clear the cache on public computers, and don't do sensitive work on any open wireless network. Always lock smartphones and mobile computers with a strong password.
Get and use a personal email account. In addition to your Morningside work email, you should have an email account for personal use. Don't let a breach at work compromise your personal life, and don't let your personal life add to a student's risk.
Avoid passwords that are quickly hacked by machines. Short words, anything in a dictionary, double words, and substitutions are easily broken, so avoid passwords like "RedSox", "gloriagloria" and "Pa33w0rd". Make passwords more than 10 characters long.
Treat security questions just like passwords. Don't use answers that a machine could guess in as few as a thousand tries. Instead, use long and unique answers. For example, your favorite car may be a "Lear Jet 2 Tahiti" and your best friend may be a "Cat On A Hot Tin Roof".
Don't share your passwords with anyone. System administrators will never use email to ask for passwords. Office workstations should never use generic accounts.
One way to develop new passwords is to pick a favorite song, break it into phrases, and create several passphrases such as "HayVeeDcpls234", "vIb888supFRFL!", or "WeeeJst777taRk." Or build an acronym such as "rk&rl*At*nspn" from AC/ DC's "Rock and Roll Ain't Noise Pollution."
Department of Information Services, June 2014