How secure is your password?
The incident response team (IRT) have several ideas about how to create a good password.
The incident response team (IRT) at LiU is often compelled to suspend or limit user accounts at LiU. Two major events were an occasion on which passwords were compromised and published on a list of passwords, and that accounts were prevented from accessing the network after they were used to spread spam from LiU.
When an account is suspended, you may have to reactivate it with a new activation key, which is obtained from the Info Centre. In this case, you may be unable to log in to your LiU account until you reactivate it. If you’re unlucky, you may have a laboratory exercise, a deadline for a hand-in assignment in Lisam, or a distance exam during the period when you don’t have access. Make sure that you have a good password, and in this way (hopefully) avoid the problem.
So – what is a secure password? Here are some ideas for how to create one:
- Make up a jingle that you can remember easily. The password itself is then the first letter of each word. You should, however, remember to use both uppercase and lowercase letters with some numbers and special characters.
- Do not use your name or other personal information as a password or even part of a password. It is far too easy to find such information.
- It can be a good idea to use a passphrase as an alternative to a classical password. Passphrases are often easier to remember and easier to type in (despite being longer), while giving increased security. Passphrases consist of a number of randomly chosen words. Numbers, special symbols and similar characters are not necessary, provided the words have been chosen truly randomly.
- Never use the password for your LiU account for services outside of LiU.
When you change your password in MinIT, its complexity is checked, and whether the new password is on any list of compromised passwords.
Phishing is frequent
A common method by which passwords are compromised is phishing. This often takes the form of an email that encourages you to log in to what appears to be a trustworthy website, or that requests that you reply immediately to a sender who turns out to be someone else. It may also be naked threats to force you to make a payment. Many other forms of phishing are known. Learn to recognise phishing, and see some examples here (the page is intended for co-workers at LiU, but students will also find useful advice here).
Change your password
You can change your password in the “My y accounts” section of MinIT.
Last updated: 2020-04-24