As you start to sign up for more than one social media platform, you will likely be asked to come up with more than one password. Are you the type of person who has one password for all of your accounts? Does your password include “123?” Sometimes it can be difficult to resist the urge to use your favorite password, and it can be even harder to remember new ones for all your different accounts.

The Office of the Vice Provost for Teaching and Learning (OVPTL) wants to help you lower your stress while raising security standards when it comes to managing your social media accounts.

Here are ten ‘Do’s and Don’ts’ to act as a basic reference guide while you continue to connect to students across various social media platforms

  1. DO create unique passwords that that use a combination of words, numbers, symbols, and both upper- and lower-case letters.
  1. Do NOT keep a password for too long. We all have favorite passwords that we have had for a long time. We remember them easily, making it all the more likely to eventually fall into the trap of a “default password.” The problem is that oftentimes the longer you have a password, the less secure it could be. If you have had your same password for years, it might be time for a change. If anyone else knows or suspects your password and you don’t want them to use it, change it as soon as possible. Also, if you are hiring students and they stop working for you, it is best practice to immediately change your passwords so that they no longer have access to your accounts. If you have shared cloud based documents or files with student workers, you should remove their access when they stop working for your program or department.
  1. DO create long passwords. Complexity is nice, but research shows length is key. It used to be the case that picking an alphanumeric password that was 8-10 characters in length was a pretty good practice. These days, it’s increasingly affordable to build extremely powerful and fast password cracking tools that can try tens of millions of possible password combinations per second. Just remember that each character you add to a password or passphrase makes it an order of magnitude harder to attack via brute-force methods.
  1. Do NOT choose passwords based upon details that may not be as confidential as you’d expect, such as your birth date, your Social Security or phone number, or names of family members.
  1. DO play with your security question answers so that only you can answer them. By updating your answers to the security questions, you won’t have to worry that your information could be used to gain access to your accounts.
  1. Do NOT use words that can be found in the dictionary. Password-cracking tools freely available online often come with dictionary lists that will try thousands of common names and passwords relatively quickly. If you must use dictionary words, try adding numerals to them, as well as punctuation at the beginning or end of the word.
  1. DO consider using a password manager. Programs or web services like RoboForm (Windows only) or Lastpass (Windows and Mac) let you create a different password of comparable strength for each of your sites. Services such as these are convenient in that you only have to remember the one password to access the program or secure site that stores your passwords for you.
  1. Do NOT store your passwords where they can be easily found. Make sure you don’t store the information in plain sight on your desk. The most secure method for remembering your passwords is still to create a list of every Web site for which you have a password, and to write next to each one your login name, and a clue which holds meaning only for you. If you forget your password, most websites will email it to you (assuming you can remember which email address you signed up with).
  1. DO use a “password” or fingerprints for your mobile devices as well. Most phones can be locked so that the only way to use them is to type in a code, typically a string of numbers or maybe a pattern you draw on the screen. Some new phones allow you to register fingerprints, which are quite secure. Sometimes when people with bad intentions find unlocked phones, they use them to steal the owners’ information, make a lot of calls, or send texts that look like they’re coming from the owner.
  1. DO NOT give out your password to anyone. Never give your password to friends, even close ones. A friend can inadvertently pass your password along to others — or even become an ex-friend and abuse it.

As long as you follow these ten simple steps, you can surf the web with confidence, knowing that your passwords are effective enough to keep you and your information as secure as possible.

If you need help with with passwords or cyber security best practices, feel free to email Ryan Foland at rfoland@uci.edu.

Comments are closed.