1. Home
  2.  » 
  3. How To . . .
  4.  » Keep Passwords Secure

Keep Passwords Secure

One of the easiest ways to break into your computer is to have a weak or blank password. You may not think that your computer or the information stored on it is valuable to anyone else. However, the access your UCI computer has to the network is greatly valued by hackers. If your computer is compromised, it can be used to attack other computers on campus and around the world.

 

Changing Your UCInetID Password


  • Change or reset your password (Click on Change Password)
    • If you activated your UCInetID after July 2003, you should have a password reset question on file. You can reset your own password.
    • If you do not have a password reset question on file or can’t remember the answer, contact the OIT Help Desk at (949) 824-2222.

 

Password Tips


  • Never share your password with anyone.
    If someone has your password (especially your UCInetID password) he or she can act on your behalf without your knowledge. This includes reading and sending email, accessing restricted resources, registering for classes, using the wireless network and the VPN. You are responsible for everything done with your account or done from your computer.
  • Don’t reuse your university password for non-university accounts.
    It is best to never use the same password for multiple accounts, but at the very least don’t make your university password the same as you use for another non-university account. Use a completely different password for Amazon, PayPal, or any other service you subscribe to that is not UCI related.
  • Don’t allow your software to “save” or “remember” your password insecurely.
    Most software doesn’t suitably encrypt your password when it allows you to “save” or “remember” it, so avoid doing so or it could easily be stolen by an attacker.
  • Change your password periodically, or immediately if you suspect compromise.
    If you have shared your UCInetID password, used your password on a computer whose security you cannot verify, or are concerned that your password may have been compromised, change it immediately. Since you don’t always know exactly when a password is compromised, you may want to change it periodically to be proactive.
  • Enable Multi-Factor Authentication.
    No matter how strong a password is, it is never as strong as multi-factor authentication. See how to enable multi-factor authentication.

 

Creating a Strong Password


  • Your password should be minimum 8 characters long. Longer passwords are safer. Think “passphrase” instead of “password”.
  • Passwords protecting high value resources should be minimum 12 characters long.
  • Passwords should contain at least one alpha character (a-z).
  • Passwords should contain both UPPER and lower case letters.
  • Passwords should contain at least one non-alpha character including numbers, symbols or punctuation.
  • Passwords should be unique and not used for other accounts.
  • Do not choose passwords that contain personal information like your name, your spouse’s name, your children’s names or pet’s names, etc.
  • Do not choose a word that is in the dictionary. These are the easiest to crack.
  • Do not choose passwords that someone else has used in a previous breach, can check via Pwned Passwords.
  • Try using an acronym by using the initial letters of a phrase or sentence and substituting some numbers for letters . For example, Hp&tp0a1mfB! = “Harry Potter and The Prisoner of Azkaban is my favorite book!”.
  • Check estimated time to crack a password and password strength testing tool.

 

Setting Your Computer Password


 

Managing Your Passwords


Password Managers are software applications that store and protect all of your passwords in one secure place. They act as a virtual safe. They generate complex, unique passwords for each of your accounts, and enters the passwords for you so that you don’t need to remember them all anymore. The only password you have to remember is the one for your password manager.

1Password Business is one such tool and is available for UCI faculty, staff, and students to use.  For more information about 1Password and on how to sign-up, please visit the OIT 1Password Business informational page.