Password Security

  • Passwords are a simple defence (often the only defence) for many secure operations
  • Guessing one password may enable a criminal to access many of your systems, your money, your identity, etc.
  • Make a password easy for you to remember, hard for others to guess

Never share your password with anyone. IT Services and your local IT support staff will never ask for your password.

If someone else does find out your password, you must change it immediately.

If you think you may have given your account details to someone else in response to an email (phishing):

  1. Don't panic - mistakes do happen
  2. Change your password as soon as possible
  3. Let your IT staff know
  4. If you still have a copy of the email, please forward it to phishing@it.ox.ac.uk with full email headers so we can help others avoid making the same mistake

Please do not be afraid to own up: we would rather you told us than tried to cover up a mistake.

For a secure password, do not base your choice on:

  • The account's username (whether identical, reversed or rearranged)
  • Your first or last name or date of birth
  • Names or dates of birth of your nearest and dearest
  • Your house name or your home street
  • Dictionary words

A good password includes a mixture of:

  • Upper (A-Z) and lower-case (a-z) letters
  • Digits (0-9)
  • Other printable characters (e.g. ,;:?%^*[]{}+-) if permitted
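
The two lists above can be turned into an automated check. The sketch below is an added example, not code from IT Services; the function name, the small word list, the username "abcd1234" and the sample passwords are all constructed for illustration.

```python
import string

# Constructed sample word list; a real deployment would load a full dictionary.
SAMPLE_WORDS = {"password", "summer", "oxford", "dragon", "welcome"}

def _norm(text):
    """Lower-case text and keep only letters and digits."""
    return "".join(c for c in text.lower() if c.isalnum())

def check_password(password, username, personal=(), words=SAMPLE_WORDS):
    """Return the rules from the lists above that password breaks ([] = none)."""
    problems = []
    pw, user = _norm(password), _norm(username)

    # Username: identical, reversed, or rearranged (same characters, any order).
    if user and (user in pw or user[::-1] in pw):
        problems.append("contains username or its reverse")
    elif user and sorted(pw) == sorted(user):
        problems.append("is a rearrangement of username")

    # Names, dates of birth, house or street names supplied by the caller.
    for item in personal:
        token = _norm(item)
        if len(token) >= 3 and token in pw:
            problems.append(f"contains personal detail: {item}")

    # Dictionary words: drop digits and symbols first, so "Pass1word!" is caught.
    alpha = "".join(c for c in password.lower() if c.isalpha())
    for word in sorted(words):
        if len(word) >= 4 and word in alpha:
            problems.append(f"contains dictionary word: {word}")

    # Character mixture: upper case, lower case, digits, other printable.
    classes = {
        "upper-case letter": string.ascii_uppercase,
        "lower-case letter": string.ascii_lowercase,
        "digit": string.digits,
        "other printable character": string.punctuation,
    }
    for name, chars in classes.items():
        if not any(c in chars for c in password):
            problems.append(f"no {name}")
    return problems

if __name__ == "__main__":
    # Constructed inputs; "abcd1234" is a made-up username.
    for candidate in ("Wl2r,hWpg!", "4321dcba", "Summer2024!"):
        print(candidate, "->", check_password(candidate, "abcd1234") or "ok")
```

A password that passes these checks can still be weak in other ways, so an empty result means only that none of the listed rules was broken.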

Why not choose the initial letters of words in a line from a favourite song or poem? For example, ‘Shall I compare thee to a summer's day?’ becomes ‘SIctta5d?’ (but don't use this one!).

If your memory lets you down and you have to keep a note of your passwords, make sure you keep it somewhere that can’t be accessed by others and don’t label it “My Oxford password”. Don't leave it lying around or store it in a folder or document called Passwords!

Don't use the Administrator account by default

  • Just like legitimate software, a lot of malware requires Administrator privileges to be able to run on your computer.
  • If you are using Windows, try where possible to use a limited account for your day-to-day activities.
  • Mac and Linux: Do not log in as admin or root. Instead, use a command like sudo to perform command-line operations requiring root access.

Personal Firewalls

  • A computer firewall acts as a virtual wall against intrusion from the internet
  • Windows and Mac OS X come with a firewall as standard - check the firewall is active
  • A range of Open Source and commercial products are available which provide basic protection against malicious attacks directed at your computer from the internet

For more guidance about your passwords see the Information Security web pages and lunchtime courses.
