Oct 24, 2022 | Jeremy Shelley, CISO UAH is constantly under assault by potential attackers attempting to gain access to our research data, student information, and financial information. Stolen, shared, and hacked passwords or other user access credentials are by far the most common way for bad actors to gain unauthorized access to these critical university assets. One of the best ways to protect UAH is to keep your UAH password safe and secure. Below are some tips about keeping your UAH password safe and secure. Don’t reuse passwords Never use the same password you use for your UAH account on other systems or websites. Reusing passwords across multiple sites puts all of those sites at risk if any of them have a security breach that involves disclosure of passwords. So a single password compromise can jeopardize your information and assets at multiple locations. Don’t share your passwords with anyone else The Appropriate Use of IT Resources Policy prohibits sharing UAH passwords with anyone else. I understand that it’s easy to believe that there’s no way your family member, spouse or significant other would ever cause a problem, right? Sadly, it is possible for a relationship to go sour. When that happens, trust can be exploited. Please do not share your passwords with anyone else under any circumstances. Furthermore, UAH IT staff will not ask you for your password. If you receive such a request via email, text or voice call, report this to the OIT Help Desk. Enable Multi-Factor Authentication (MFA) whenever possible While using usernames and passwords to protect your account is a great first step, it is strongly recommended to use MFA, which augments your password with an additional factor such as your phone, whenever it is available. This requires attackers to not only know your password but also have access to your phone, or other device in order to impersonate you. Only use your UAH email for university business UAH subscribes to a number of services that notify us in the event of UAH credentials being sold or posted on the Internet or in the encrypted dark web. These credentials are leaked because someone provided their UAH email address when they signed up for services or to access a site. Your UAH email address is intended for use in support of UAH’s mission. Please refrain from using your UAH account for non-university activities.