No matter if your data sits on your desktop computer, on a file server, or is part of your electronic mail system, the first line of defense for protecting it is a strong password. A strong password can mean the difference between your system being broken into (and the data stolen) or your system being passed over for “greener pastures” (easier systems to be broken into).
Using strong passwords is a requirement for all state-owned systems, as well as mandated by both the Gramm-Leach-Bliley and Health Insurance Portability and Accountability Acts (both directed by the federal government).
Forget your password?
If you forgot your university domain password, use the University Self-Service Password Reset. For further assistance, users can contact the IMS Service Desk at 210-567-7777.
How to build a password
- It must be easy for you to remember, but difficult for anyone else to guess
- Make the password long and as complex as you can remember within the confines of the operating system
- Include uppercase and lowercase letters
- Use numbers
- Include punctuation, the more the better
- Start thinking more about passphrases, and less about passwords
How to build a passphrase
Passphrases are words or portions of words that make up a phrase or sentence.
- Make the phrase relevant to you; this will make it easier to remember. You can use a movie title, book title, song title, song lyrics, quotations, destinations, etc.
- “Casablanca” is both a Humphrey Bogart movie from 1942 and a destination. To turn this into a passphrase, do some letter-number swapping and add some others. An example passphrase here could be “C@sabl@nca1942!” This is a 15-character password that would be easy for you to remember, since you know the basis for the phrase, but difficult for anyone else to guess. Note: While this is a great example for a password/passphrase, don’t use it. Never use a password others have seen or used.
- Passphrases can and should be made sufficiently complex to discourage password hacking.
- Be creative.
People will try to get your password using creative means to entice you to share your password with them.
“Social engineering” is the term given for convincing people to give confidential or compromising information about themselves or their organization by posing as someone in authority or as a technical representative. A common trick is for an individual posing as technical support to contact the administrative staff of a busy department leader. Claiming to be working on the leader’s e-mail account (always very important), the individual will claim to need the leader’s password to repair the account. No legitimate Health Science Center employee will ever ask you to reveal your password. If anyone does ask for it, immediately contact your supervisor and the IMS Service Desk at 210-567-7777.
Don’t share your password
UT Health San Antonio policy does not allow users to share passwords with anyone. A main reason is that you are not able to disprove transactions made by others in your name, including any mistakes or misdeeds done by those who have access to your passwords.
Other protections
People could be watching you type your password. We call this “shoulder-surfing” because it is thought that people could be looking over your shoulder while you type.
Don’t use the same password for everything. If you do and someone guesses one password for one account, they can potentially get access to every account you have that uses the same password. Instead, use a password manager you can keep on your smartphone or tablet. The password manager stores all your passwords securely, protected by a master password of your choosing; make it a very good password..
Don’t write down your passwords
Do not write your passwords down. Instead, use a password manager you can keep on your smartphone or tablet. The password manager stores all your passwords securely, protected by a master password of your choosing; make it a very good password. Do not hide passwords under mouse pads, keyboards or inside unlocked desk drawers.