jmacfadyen 
World Password Day on the first Thursday of May (2nd May this year) provides a yearly reminder for us all to evaluate our passwords. The NI Cyber Security Centre (NCSC) is encouraging us all to assess the strength and security of the passwords we use to secure our online accounts from hackers by taking the ‘Password Pledge’. This year’s Password Pledge is:
Secure your online accounts, put an end to weak passwords!
If you use the same password on multiple accounts, such as your email, online banking, online shopping and social media, a cyber criminal can access all of them by cracking just one password. This leaves you exposed to identity theft, financial loss, extortion, fraud and other cyber crimes.
Universities under threat from cyber criminals
This 2023 UK Government report shows that UK universities are at high risk of major cyber security incidents. Universities are often seen as easy targets due to the thousands of individuals using a multitude of devices, each with varying degrees of security protection.
Cyber criminals can also make money from information we hold such as:
- Personal and financial information
- Research data and intellectual property
One way we protect this information is by ensuring that everyone must have a username and password to log in to University systems. This, coupled with Multifactor Authentication (MFA), is vital in securing our systems from unauthorised access.
Look after your IT account credentials
It only takes one user name and password to fall into the wrong hands for a security breach to occur.
We all have lots of passwords to remember, so we often use insecure methods like reusing passwords across different accounts, or using a few common ones.
Is my password strong enough?
Hackers use password crackers which are capable of processing more than 200 million password suggestions per second, so most common and easily guessed passwords will take around two seconds to crack.
- Check how long it would take to crack your password on Kaspersky’s password checker (this does not save your password).
- You can check if your password has been listed in a data breach on HaveIbeenPwned.
If you use a common, easily guessed password across multiple accounts, the likelihood is that your details are already available to hackers.
The best way to make your password difficult to hack is by using a sequence of three random words you’ll remember – the longer the better.
A reminder of the minimum password criteria for University of Reading IT account passwords:
- Password at least 12 characters in length
- Must not contain your username.
- Must not contain repetitive or sequential characters e.g. ‘aAAa’ or ‘1234’
- Should not be a recycled password or recycled with the addition of a character e.g. changing “Password1” to “Password2”.
Further guidance on how to create a strong password.
How can I remember them all?
Save your passwords in your browser when prompted (how to for Chrome, Edge, Firefox); it’s quick, convenient and safer than re-using the same password.
Alternatively use a password manager to create and store passwords. The NI Cyber Security Centre looks at how and some examples in this post.
What are my responsibilities?
A reminder of the University of Reading regulations for keeping your IT account safe:
- Do not share or re-use your account credentials or passwords with anyone else
- Do not use non-University email and credentials for University business
- Do not use your University email and credentials for non-University business
This applies to everyone who has been given a University of Reading IT account and password, i.e. staff, students, contractors, consultants, visitors, etc.
Worried that your credentials have been shared?
If there’s any sign that your account has been compromised, or you think someone else may have your credentials, change your password immediately and report it to the IT Service Desk.
Further reading
World Password Day (ncsc.gov.uk)
Cyber Aware Campaign (ncsc.gov.uk)
Stop! Think Fraud – How to stay safe from scams (stopthinkfraud.campaign.gov.uk)
University of Reading Information Compliance Policies (IMPS)