Home » Secure IT » Passwords

Passwords are a critical information security component.  Passwords are used to authenticate, or validate, that the person using your Logon-ID is really you.  However, passwords are also one of the most common targets of people trying to access information without authorization.

1. Use passwords that are difficult to guess.
2. Change your passwords at least twice a year. (For your NetID password, this is required.)
3. Memorize your passwords instead of writing them down.
4. Never share your passwords with anyone.

 

Note: Nobody should ever ask for your password. Nobody. Not DoIT staff, not the Service Desk, not even the University Public Safety officers. If anyone requests your password, contact security_team@creighton.edu.

 

1. Whenever a computer or program gives you the option to have it save your password for you, do not select this option. Having the computer or program save your password for you is almost the same as sharing your password with anyone who has access to that computer or program.

We all have lots of passwords to remember and there are several myths about good password security.  The first myth says don't write down your passwords.  Although, theoretically a good idea, it is not practical in today's online world.  The second myth says you must use a different password for each individual system.  Again this is a great idea on paper, but not practical or easy to implement.  Here are two recommendations for managing your passwords securely, logically, and with the least amount of pain and inconvenience.

 

Recommendation #1: Consolidate your passwords into a few strong password that are used over multiple sites.

 

Create a password for sensitive University systems, such as your NetID, IDX logon, etc.  Use this password for all critical University system, because these systems manage confidential data this password should be strong and complex.

 

Create a second password for the less sensitive systems on campus.  This password should be strong but may be less complex than the first password.  Use this password on all critical University systems and non-sensitive personal uses, such as your personal Hotmail account, various non-sensitive websites, etc.

 

Create a third password for your personal sensitive websites, such as your online banking application.  Because this password has access to your financial information it should be very strong and different from the previous two passwords.

 

Creating barriers between various Creighton and personal systems is strong security, however, attempting to remember and manage too many passwords can easily lead to weaker security.

 

Recommendation #2: Utilize a password vault program.

 

A password vault is a software program that securely stores all your passwords on your desktop computer. No matter how many passwords you store, you need only remember your master password to access all of them.

 

Password vault software is a great way to securely record your password.

 

Using either of the recommendations above will simplify your password management responsibilities and increase information security at Creighton and at home.

1. Never tell your password to anyone!
2. Never write down your password in an obvious location.
3. Make your password hard to guess — do not use the name of your pet (or your kid).
4. Avoid using words found in a dictionary.
5. Never write down your password in an obvious location.
6. The more random your password, the better.
7. Be sure that you don't use personal identifiers in your password (like your name or NetID).
8. Never write down your password in an obvious location.   
9. Take responsibility for your NetID.
10. ...and never tell your password to anyone!