Now that you understand how to secure your workstation, let's consider the credentials that you use to access accounts and services.
A typical credential is the combination of a username and a password that you use to log into an application, device or service. Attackers want to steal your credentials to then steal information and launch cyber attacks. Your userid /password combination is only one type of credential that you need to protect, as you may use many others to access all of the services and applications that you use in your work.
This module will provide you with an understanding of why it is important to protect your credentials and how you can do so.
Attackers attempt to steal credentials by tricking you into providing your username and password. This social engineering attack is usually known as phishing but it can also occur in other forms. Other methods attackers use to steal your credentials include:
You have a responsibility to ensure your userid/password and other credentials are managed securely. Don’t be the weak link in this system.
One example of why an attacker would want your userid and password is so that they can use your campus email to distribute spam. Attackers want to use campus email to distribute spam because an email address from .edu will often circumvent filtering by other email systems. If an address associated with .edu was sending spam then other external email systems may block all legitimate emails distributed from other .edu accounts. Beyond email, an attacker who has gained control of your userid and password would be able to gain access to other systems that use this credential. Examples include Shared Financials System, Human Resource System, and many more. With access to these systems attackers can gain information about you, our students, faculty and other staff.
Use strong passwords for each of your credentials. A close friend or family member should not be able to guess your password.
Strong passwords are important for testing and training accounts as well. At minimum you should follow the recommended password guidelines. You can even watch a video about creating strong passwords.