STANFORD UNIVERSITY

SECURE COMPUTING

Secure Computing: Password Security Tips

The number ONE way people break into systems

Poorly chosen or blank passwords are the number one way systems on the Stanford network are broken into.

Set a password on your computer. All computers and accounts need to be protected with a login password. Unfortunately, many people forget to set these passwords during installation, which makes their computers easy marks for remote hackers.

Keep your password safe

Never reveal your SUNet password to anyone. Don't share it with friends, and don't tell your RCC or support consultant. It is a violation of Stanford policy to share your SUNet password with anyone.

Enter your SUNet password only into the PC or Mac-Leland login screen, kinit or klogin, or the WebLogin page. These two are secure; any other page or system may be either insecure or an attempt to "spoof" one of these systems and trick you into sending your password straight to a hacker.

Use a different password for non-Stanford web sites (like Amazon, AOL, Hotmail or Yahoo). Many sites do not use encryption to protect your password. To be safe, use your "Stanford" password only for stanford.edu sites. Create and use a different password for public, non-Stanford sites. Similarly, if you need to give access to your computer to a support consultant or RCC, create a unique account for that purpose. Do not share the password to your account.

Choose good passwords

The weakest link in Stanford's computer security efforts is your password. Although the University spends lots of time protecting computers against hackers, one of the biggest security holes is easily guessed passwords. Recent security tests showed that a basic password-cracking program could easily deduce one fifth of all Leland account passwords. A better program would guess more. Basically, too many people are setting easily cracked passwords.

How to set passwords on your computer

Many people at Stanford have neglected to set a basic account name and password for their computer. We're not referring to your SUNet ID password, but to the password that gives you, and only you, access to your computer. Without such a password, just about anyone can get into your computer by sitting down at the keyboard. They can even get in remotely, via the Internet.

Last modified Thursday, 02-Feb-2006 10:37:53 AM
