Looking after your Passwords

I’ve already written recently about passwords, but the headlines this morning about the cyber attack on TalkTalk’s web site are a timely reminder again to all of us about the need to think carefully about how we use passwords online. It may be a while before they find out exactly how the attack happened, and what information the hackers may have got their hands on, but I thought that the Chief Executive, Dido Harding, provided very sound advice to their customers this morning in the circumstances.

One piece of advice related to passwords. Most of us now use so many online services that it is just not practical to have an individual password for each one – nobody is going to remember that, and you’d end up writing them down. Probably not very smart. However, the other extreme – using the same password for everything – isn’t particularly smart either, especially if you also use the same username (which might, for example, be an email address).

If you use the same password across many web sites, then if any one of these is successfully hacked it is possible that hackers will be able to find your password. Once they’ve done that, it’s an easy task for them to try out your password on other sites – your email for example. If they manage to gain control of your email account they can start to impersonate you and cause all sorts of mayhem in your life. It can be very hard to get control of your email account back in these circumstances – most of the major email providers allow you to provide a backup email address and mobile phone number for these situations, so make sure you have these registered.

This can also present a security risk to University systems. If you use the same password to access your University IT Account and lots of other personal accounts, then you could be putting your University account at risk. If one of your personal accounts was hacked, and the hacker knew (or just guessed) that you worked at RGU, they could gain access to your RGU details. Might be a long shot, but I know an organisation where something very similar to this happened.

It may not be practical to have different passwords for absolutely everything, but think carefully about what is really precious to you and use a range of passwords. I would recommend, unless you’re not bothered about losing money, that the passwords you use for any online banking or investments are unique for each account and not used anywhere else. I would also recommend that you at least use a unique password for work, and a unique password for your personal email account and things like Facebook if you use them regularly. Money, work, and your core means of identity and communication – these things are important.

Beyond that it’s up to you – there will be many accounts where you are happy to reuse a password where the risks are lower. Have an Interflora account? Well, maybe a hacker will send a bunch of flowers to their granny – that’s not quite as bad as losing your life savings. Of course, even in these cases, if you think one of them has been breached it is important to change the password you use but at least the stakes are lower while you go about this.

It’s a good idea to keep a list of all your online accounts somewhere to jog your memory. If you really had to change all your passwords, can you really remember everything you’ve signed up to? And if you are finished using any online service – delete your account. It’s one thing less to worry about.


Welcome Back!

Oops – seems like I have neglected the blog over the summer, so time to get it started again regularly with the new academic year under way. First of all a very warm welcome to all new students, and to those returning for another year of study – it’s great to see you all here and that includes those of you who are studying online. All the IT resources mentioned below are for you too.

Also a warm welcome to any members of staff who have started recently.

First things first – if you need any help with anything to do with IT, please do use the IT Help Desk resources, or contact them directly if you need further help. IT Services have updated a lot of the information available online, so even if you are a returning student it’s worth checking these links (if you need to sign in just use your normal username and password):

On Moodle, the IT Help Desk has a new page, with a number of short videos to show you the key IT Resources available to you and how to access them. They also show you how to connect these to your own devices.

On the Student Portal you’ll find additional information and more detailed documents if you want to refer to them:

Follow the Help Desk on Twitter – they use it regularly to give you updates on any changes to our systems, news, and links to helpful information.

Follow this blog – we use it to keep you up to date in a bit more detail on what’s happening, what’s planned, and items of interest.

And of course, if you need to contact the help desk directly you can do that too:

Email: ITHelpdesk@rgu.ac.uk

Telephone: +44 1224 262777

In Person at the Learning Centre located in the Aberdeen Business School building

Opening Times are:

MON to THU – 8am to 8pm
FRI – 8am to 5pm
SAT – 10am to 2pm
SUN – 12noon to 4pm