Password Compromise
Posted on: 14 January 2016
By: wolfeg
This month our Information and IT Security Officer, Graeme Wolfe, looks at passwords, and toothbrushes!
Some years ago a Danish colleague of mine likened his password to a toothbrush. I asked him to explain further and he said “Passwords are like toothbrushes, because you use them daily, you should change them regularly, they are personal to you and you would not share them with others”.
Over the past few years there have been a number of high-profile security breaches of various internet-based services (Sony, LinkedIn, Twitter, Play, Adobe, eBay, Ashley Madison and most recently TalkTalk) where passwords used to access those sites have been compromised.
If you have an online account with any organisation that has suffered a security breach, then at the very least you should immediately change any passwords you use with them – even if you think your account may not have been affected or accessed. Don’t forget to change any passwords to other linked accounts too, e.g. social media links to Facebook, Twitter, Google+.
A recent Ofcom study showed that 1 in 4 people reuse the same password for their online activities, and with so many online accounts it’s easy to see why people do this. If you reuse passwords on multiple online accounts and one of those accounts has a security breach, you should also change the password on all other accounts where you reused that password.
This is why it is important that you do not use your University network password for other external sites and services.
It is also becoming common for criminals to send out ‘phishing’ messages soon after a high-profile security breach. They aim to trick people into revealing their details by asking them to click on links in emails to ‘update their details’. You should always avoid links in emails asking you to do this and go directly to the site from a known bookmark or by typing in the web address manually.
Many internet sites and portals will not require you to change your passwords on a regular basis. To maintain security of your account, the University requires that staff change their network password every 90 days and for students it is every 365 days. With this in mind, you may wish to do the same with accounts you have with other online services by setting yourself a reminder to change those passwords on a regular basis.
There is a lot of good advice and information on passwords and how to keep yourself safe online at these websites:
https://www.getsafeonline.org/protecting-yourself/passwords/
https://www.cyberstreetwise.com/passwords
You can also read information on passwords and internet security on the University IT security webpages: https://www.westminster.ac.uk/library-and-it/it-and-software/it-security/strong-passwords
Graeme Wolfe
Information and IT Security Officer
11/01/2016