Passwords: Best Practices

A guide on password security for faculty and staff, detailing essential practices to protect personal and institutional data from unauthorized access and identity theft

 

When creating your password, you should NEVER:

• Use the word "password," even if you alter it with numbers or special characters.
• Incorporate any personal information, such as the full part of any part of your name, into your password.
• Rely on simple transformations like reversing the word, switching case, or using all caps.
• Write down your password and store it in an easily accessible location.
• Choose a password that is commonly used (e.g., NGUTrailblazers1892!) or includes the word "Trailblazers."

A good password should meet the following recommendations:

• Minimum Length: At least 12 characters.
• Complexity: A mix of upper and lower case letters, numbers, and special characters.
• Avoid Common Words or easily guessable sequences.
• No Personal Information: Exclude any part of your nam or other personal details.
• Avoid Reuse: Don’t reuse passwords across multiple accounts.
• No Sequential Characters: Avoid sequences like "1234" or "abcd."
• No Common Substitutions: Don’t use easily guessable substitutions like "P@ssw0rd" for "Password."
• Regular Updates: Change passwords periodically.
• No Repeating Characters: Avoid using the same character multiple times in a row.

Password Security for Faculty and Staff:

• NEVER share your password with anyone. Not even your supervisor has the right to ask for it. If an ITS technician asks for your password while setting up a new computer, consider changing your password when they are done setting it up.
• Do not respond to emails that request your personal information; these are typically fraudulent.
• If you suspect someone else knows your password, change it immediately via the password maintenance portal and notify the IT Service Desk at (864) 977-7272.
• Avoid sharing personal information over the phone, as identity thieves may ask seemingly harmless questions to gather confidential details.
• If an ITS technician requires your password, you will be asked to enter it yourself. Always ask for identification if you are uncertain about the person's identity.
• Consider avoiding the "remember this password" feature in your web browser.
• Always lock your computer when stepping away from it.
• Turn off your office computer at the end of each workday.