Setting up and maintaining safe passwords is essential to online account security. Some simple tips you can use to create safe passwords are provided below. Your department may have other security policies that you must follow if they conflict with these password tips.
What's at Stake?
If your password is compromised, you jeopardize:
- Your privacy & reputation: Intruders may gain access to your email, bank account, and other sensitive information. Your identity may be stolen. Your email can be used to send defamatory messages in your name and your computer can be used to host illegal materials.
- Your files: The contents of your computer may be destroyed or compromised.
- Other computing resources: Hackers could use your computer to attack other computers.
It is critical that you create strong passwords that you maintain appropriately. Remember, in computer security, passwords are always the weakest link!
Use Different Passwords for Different Services
If you are using the same password for your email, bank account, and computer, and one account is hacked, all others are at risk. Create at least three different passwords, one for each of:
- Your IT Account
- Accounts that contain sensitive personal information (e.g., your bank account)
- Web sites that require registration (e.g., Amazon)
To keep track of your passwords, use one of our password strategies.
Change Your Passwords Regularly
Passwords become vulnerable over time. To reduce the risk of your computer being compromised, we recommend that you change your passwords at least twice a year. If you suspect that your password has been stolen or compromised, change it immediately. Learn how to change your IT Account password in SPIRE.
- Viruses and other malware are known for stealing passwords. Please change all your passwords after cleaning up from a virus infection. If you suspect your computer has a virus, do not access any service that requires you to enter a password (e.g., online banking).
- If one of your computing devices has been lost or stolen, it is important to change your passwords to reduce the risk of having your information security compromised.
- If you have administrative access to the Human Resources or Finance systems, you are required to change your IT Account password every 180 days.
Do Not Share Your Password
By making your passwords available to others (even people you trust), you put your personal information at risk. Please do not share your passwords!
Never send passwords or other sensitive personal information via email even if the original message appears official. Learn more about phishing scams. Note: UMass Amherst IT will never ask for your IT Account password or other sensitive information via email.
Some applications will offer to save your passwords. Always choose 'No' when prompted to save a password online. We recommend that you create a reminder for your IT Account password and use our password tricks to create strong passwords that you can actually remember.
Avoid Writing Down Your Password
Storing passwords on post-it notes on your monitor is an open invitation to access your information. At UMass Amherst IT, we believe no location is safe enough for storing passwords. If you absolutely must write down your passwords:
- Write down password hints, not the actual password.
- Keep your user name and passwords separate, not in the same document.
- Use a safe location (e.g., your wallet, a locked file cabinet, or password storage software).