Passwords - Article 2: Password Security

October 28, 2013

Last week's National Cyber Security Awareness Month article, part 1 of 2, focused on creating good, strong passwords that will be difficult for hackers to crack or guess. It is also important to keep passwords secret and secure so others can't use them or find them.

This week's article, the last in this year's Cyber Security Month series, focuses on practical ways to keep track of and protect your passwords.

Protect Your Passwords!

In addition to making sure your passwords are complex and hard to guess, keep them secret. ITS staff will not ask you for your password, and neither should anyone else. Also, don't let your applications or browser remember or store passwords that provide access to restricted systems or data (personal or work-related). That way, if someone gets access to your computer, they don't also get access to all of your sensitive accounts. See the UCSC Password Standards for additional password security information.

Password Managers - For storing multiple passwords securely:

Keeping track of all of the passwords in our lives can be a challenge. Passwords can be securely stored using a variety of free and low-cost encryption tools designed to manage passwords, including your computer's keychain, LastPass, 1Password, Password Wallet, PasswordSafe (PC) / (Mac), and KeePass (PC) / KeePassX (Mac). [1]

Important notes:
  • Master passwords providing access to these tools must meet the minimum strength and security standards stated in the UCSC Password Standards. For keychains, this is the password used to access the computer.
  • Do not store passwords providing access to restricted data on a non-UCSC service provider's website. See Use of Free Services for details and additional guidance.
  • Note: The above products are examples that the UCSC IT Security group has looked at. Links to their websites do not represent endorsement by the University of California or its affiliates.

Two-Factor Authentication:

In today's age of high-powered computing, even good passwords are vulnerable to attackers. Two-factor authentication is an easy way to add a layer of protection beyond just a password. Two-factor authentication typically uses a code in addition to your username and password. For example, with Google's two-factor authentication, each time you log in, Google sends a new code via text or voice message that you will need to enter. This means that to access your account, a hacker would need not only your username and password, but also your phone.

More and more companies are offering two-factor authentication as an option; ITS recommends you use it where it is available.

Additional Information

For questions or assistance, contact the ITS Support Center.