Password Security Tips
One of the easiest ways to break into your computer is to have a weak or blank password. You may not think that your computer or the information stored on it is valuable to anyone else. However, the access your UCI computer has to the network is greatly valued by hackers. If your computer is compromised, it can be used to attack other computers on campus and around the world.
- Change or reset your password
- If you activated your UCInetID after July 2003, you should have a password reset question on file. You can reset your own password.
- If you do not have a password reset question on file or can't remember the answer, contact the OIT Help Desk at (949) 824-2222.
- Never share your password with anyone.
If someone has your password (especially your UCInetID password) he or she can act on your behalf without your knowledge. This includes reading and sending email, accessing restricted resources, registering for classes, using the wireless network and the VPN. You are responsible for everything done with your account or done from your computer.
- Change your password at least once per year.
If you have shared your UCInetID password, used your password on a computer whose security you cannot verify, or are concerned that your password may have been compromised, change it immediately. Do not reuse your UCInetID password for other accounts. Use a completely different password for Amazon, PayPal, or any other service you subscribe to that is not UCI related.
- It's OK to write down your password, but keep the information in a safe location.
Often people will write down their passwords on a post-it note and store it by their computer or in a desk drawer. It's OK to write a password down, but place it in a locked drawer or cabinet or write down a clue, not the actual password. Treat this written password with the same security you would a credit card or your wallet. It is better to have a long, secure password and write it down than to use an easy one that can easily be compromised.
- Don't reuse your university password for non-university accounts
It is best to never use the same password for multiple accounts, but at the very least don't make your university password the same as you use for another non-university account.
- Don't allow your software to "save" or "remember" your password
Most software doesn't suitably encrypt your password when it allows you to "save" or "remember" it, so avoid doing so or it could easily be stolen by an attacker.
Creating a Strong Password
- Your password should be at least 8 characters long. Longer passwords are safer.
- Passwords should contain at least one alpha character (a-z).
- Passwords should contain both UPPER and lower case letters.
- Passwords should contain at least one non-alpha character including numbers, symbols or punctuation.
- Do not choose passwords that contain personal information like your name, your spouse's name, your children's names or pet's names, etc.
- Do not choose a word that is in the dictionary. These are the easiest to crack.
- Try using an acronym by using the initial letters of a phrase or sentence and substituting some numbers for letters . For example, Hp&tp0a1mfB! = "Harry Potter and The Prisoner of Azkaban is my favorite book!".