Security Profile Guidelines

• Security Profile Guidelines home
• Setting your security profile is easy
• But I don't want to change my password
• I need help thinking of a new password
• I'm ready to set my security profile now
• Why you shouldn't share your password
• How to collaborate without sharing your password

There is never a good reason to share your password. Only you determine your password privacy, but consider the following reasons people give for sharing their passwords, and why these scenarios are false rationale.

Consider the following excuses....

I keep no private files or e-mail; I don't care if someone reads it

This is a fallacy because of the far reaching implications of anyone knowing your password. Your password, if insecure, can be the key to serious breaches of University, or even national, security. Knowing your password, a hacker can access servers by connecting as you across the network, can send e-mail on your behalf, can gain access to administrative systems, and can break the law under your identity. Systems across the University then become vulnerable. Your password, once in the hands of someone with malicious intent, not only threatens your files and e-mail, but can have serious consequences to your good name and the impression of your personal integrity.

No one I share my password with is malicious

It's not just about the people who know your password. If you have not changed your password within the last year, your password is probably not secure; it probably does not meet the requirements necessary to elude even the most rudimentary of password-cracking code used by any high school hacker with access to the Internet. An insecure password, the one you have been using for years because "it's easy to remember" or because "so many people know it" is itself the reason you need to set it to a non-crackable, secure string as soon as possible.

I like my password -- it's easy to remember

Changing your password to a secure one may seem an onerous task. For everyone, change is difficult. The truth is, that after changing your password to a secure one using the Password Management Facility, your fingers will learn to type the new password in a matter of days, just as quickly as you typed the old, insecure one. This is the worst excuse, and the one with the least basis for non-compliance with University security policy.

If you share your password, the culprit could appear to be you.