Cyber Security Awareness Month: Week 1 - Passwords
IT Security is an important aspect of keeping the BCIT community safe while also protecting our information. For the entire month of October, IT Services will be posting a series of topics that dig into best practices to ensure that we stay secure. What’s up first? Everyone’s favourite topic – Passwords!
Week 1: Change your password – It’s probably time!
Have you had the same password across multiple accounts for a very long time? It is probably time to change it. Use the following tips to keep yourself safe and your passwords strong!
Change your old passwords
- If you do not change your passwords on a regular basis, you are leaving yourself open to compromise.
- If a hacker obtains access to one or more of your accounts, they can perform malicious acts disguised as you – talk about a bad reputation!
- Your BCIT account contains confidential and sensitive information which should be protected. Use these instructions to change your BCIT password right now!
- It can be frustrating having to change your passwords all the time. Changing passwords too frequently isn’t effective either. This leads to using shortcuts or reusing old passwords. Password change intervals of 90 to 100 days are adequate for passwords of 15 characters or more.
Did you know: BCIT passwords must not be the same as any non-BCIT accounts or services (such as personal ISP accounts, free online email accounts, instant messaging accounts, or other online services). (BCIT Policy 3502)
Use a strong password
The more characters you have in your password, the longer it would take for a cyber criminal to hack your account.
A password of a minimum length of 15 characters is considered adequate.
Recently, experts discovered that short, complex passwords can be impossible for people to remember. It is now recommended to use a longer password that is easier to remember. For example, a password made of four random words that is easy to remember, such as HorseTableBucketCar, is actually considered stronger than r$x3H8<W.
NOTE: The current BCIT guidelines dictate that passwords must:
- Be between 8 and 20 characters
- Contain a minimum of one upper case letter AND one lower case letter
- Contain at least one number
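The comparison above and the guideline rules in the NOTE can be checked together. The following is an added example, not BCIT code: the function names, the character-pool sizes and the 7,776-word list size (the size of a Diceware list) are assumptions made for illustration.

```python
import math
import string

# Character pools a brute-force search must cover, by class used in the password.
POOLS = {
    "lower": string.ascii_lowercase,   # 26 characters
    "upper": string.ascii_uppercase,   # 26 characters
    "digit": string.digits,            # 10 characters
    "symbol": string.punctuation,      # 32 characters
}

def guideline_failures(password):
    """Return the rules from the NOTE above that the password breaks."""
    failures = []
    if not 8 <= len(password) <= 20:
        failures.append("between 8 and 20 characters")
    if not any(c.isupper() for c in password):
        failures.append("one upper case letter")
    if not any(c.islower() for c in password):
        failures.append("one lower case letter")
    if not any(c.isdigit() for c in password):
        failures.append("at least one number")
    return failures

def charset_bits(password):
    """Search space in bits for a character-by-character brute force."""
    pool = sum(len(chars) for chars in POOLS.values()
               if any(c in chars for c in password))
    return len(password) * math.log2(pool) if pool else 0.0

def passphrase_bits(word_count, wordlist_size):
    """Search space in bits when whole words are guessed from a known list."""
    return word_count * math.log2(wordlist_size)

def report(password):
    """Summarise length, brute-force estimate and guideline result."""
    return {
        "length": len(password),
        "charset_bits": round(charset_bits(password), 1),
        "guideline_failures": guideline_failures(password),
    }

if __name__ == "__main__":
    for pw in ("HorseTableBucketCar", "r$x3H8<W"):  # the two examples from the text
        print(pw, report(pw))
    # Assumption: four words picked at random from a 7,776-word list.
    print("4 random words:", round(passphrase_bits(4, 7776), 1), "bits")
```

Against character-by-character guessing the 19-letter phrase has roughly twice the bits of the 8-character password, but as written it fails the "at least one number" rule. The word-list estimate shows that the benefit depends on the words being chosen at random and on the size of the list they come from.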
Never share your password
Section 6.3.4 in BCIT Policy 3502 states that BCIT passwords must not be shared with any other person at any time. The only exception is when an authorized user must delegate an account.
Don’t write it down
It's true, we all have too many passwords to manage. In fact, according to recent figures the average person has more than 90 online accounts to manage!
Password complexity has been ruled too complicated and impossible for people to remember. This leads to people writing passwords down on Post-its and sticking them on their monitors. So the thinking today is for people to use words or phrases that are easy to remember and long enough to meet requirements.
Don't keep track of passwords on Post-its, in a notebook, or even in a .txt file on your desktop. You can use a dedicated password manager to help! Tools such as LastPass, Dashlane, or KeePass help save you the stress of memorizing all of your passwords.
- BCIT Policy 3502 - Information Security
- BCIT Policy 3501 – Acceptable Use of Information Technology
- Cyber Security Awareness Month Toolkit - the Government of Canada.
- Stay Safe Online – National Cyber Security Alliance
- Taking appropriate measures to prevent loss, damage, abuse, or unauthorized access to information assets under their control
- Promptly reporting all acts that may constitute real or suspected breaches of security including, but not limited to, unauthorized access, theft, system or network intrusions, willful damage, and fraud.
- Looking after any physical device (tools, computers, vehicles, etc.) and access articles (keys, ID cards, system IDs, passwords, etc.) assigned to them for the purposes of performing their job duties, taking courses, conducting research, or otherwise participating within the Institute.
- Respecting the classification of information as established by the information owner