What are the dangers of a compromised password?
Passwords confirm who you are and your rights to access a system. For most systems, your username or ID is easy to guess. If your password becomes known to anyone else, they can log in as you and you would have no control over their actions. This could happen to a social media account, your email, your bank account or more.
What to do if you think your password has been compromised
- Immediately reset your password on the account you think has been compromised
- Seriously consider resetting your passwords on your other accounts
- If it is a password on a UTS service, contact the IT Support Centre on 9514 2222
You can also check out Have I Been Pwned? (opens an external site) that can tell you whether your email address has ever been part of a known data breach. Don't panic if you find your account on a list here – data breaches are far more common than we like to think, but following the steps below will help keep your data secure.
How do you keep your password secure and safe?
Don't write it down. Ever.
If you write it down, you can lose it. If you lose it, someone else can find it.
Don't send your password via email or give it out over the phone.
Email isn't always secure and you don't know who might overhear you when on the phone.
Change your password regularly.
If your password is stolen, it may not be immediately used. Change your password at least every six months to be safe.
Make your password strong.
A good password should be at least eight characters long. Use a mixture of upper- and lower-case letters, numbers and special characters. Don't include personal information in your password like your nickname, or your pet's name, etc.
Consider using a passphrase.
A passphrase is a very long password that is easier to remember but harder for an attacker to guess or crack. For example, the password “Qbn&7ac9” is complex but fairly difficult to remember. The passphrase “HappyHippo@Holidays!” is also complex but much simpler to remember. (However, not all systems support such long passwords.)
Don't use the same password on different accounts.
If a malicious user finds out what your password is for one account, they might try using that password on other accounts that belong to you.
Be careful using shared computers.
If you use a public computer at an internet café or even the shared workstations available at UTS, disable any options to remember who you are. Pay attention to tick boxes with wording like 'Stay signed on', 'Keep me logged in' or 'Remember my details'.
There are many password generators available that can create 'memorable' passwords like Safe Password or Correct Horse battery (open external websites). You can also get an indication of the strength of a password you're considering using the Password Meter.
Change your UTS password
Change your UTS password at least every six months by visiting the MyAccount website.