We all use a wide range of online services to help manage our work and our day-to-day life outside the office. Protecting your online accounts is critical to protecting both your own and the University's sensitive information, whether you’re at work (using your Office365 account) or at home (using online banking or other essential services). Give yourself an immediate cybersecurity boost with these tips.
- Use a password manager. This article’s going to give you lots of information about creating complex, long, and unique passwords. These are more secure but they might be more difficult for you to remember. Use a password manager (e.g. LastPass or 1Password) to store your passwords behind a single, secure master password (using the tips below!). Please note: these tools are not supported or licensed by the University and can be free or paid-for subscriptions.
- Use multi-factor authentication (‘MFA’) where possible. Combine more than one authentication factor (e.g. your passphrase and an authenticator app) to boost the strength of your online accounts with an additional layer of security.
- Create long, memorable passphrases. Create long (at least 12 characters), memorable passphrases (e.g. ‘Derbyisinbritain’). Don’t put your personal information (e.g. your child’s or pet’s name) in your password.
- Consider adding a bit of complexity. Use a mixture of lower-case, upper-case, and special (e.g. !$%#) characters to make your passphrase more difficult to guess (e.g. Derby!$inBrit@in!).
- Create unique passphrases for each of your online accounts. Make sure your passphrase for your online bank, for example, is different from your passphrases for social media services.
- Don’t share your passphrases with other people.
- Check password strength analyzers where possible. Online account registration processes often check your passphrase before you finish registering for an account or service. Ensure your passphrase is marked as ‘strong’ when creating online accounts.
- Only enter passphrases to sensitive accounts where you know it’s safe. Try to avoid entering your credentials using public computers (e.g. internet cafes and libraries) or over insecure public Wi-Fi networks (e.g. airports and coffee shops). If you’re on a University campus, use Eduroam for secure Wi-Fi (you can find more information about Eduroam on the Knowledge Base here: https://itservicecentre.derby.ac.uk/hc/en-us/articles/360006358080-Connecting-to-Eduroam).
Additional steps for enhanced account security
- Use single-sign-on ('SSO') where possible. Most online services now support account creation using SSO through, for example, Apple, Facebook, and Google. This gives you the security benefits of not having to create (and remember!) another password combined with the security you've applied to your SSO source.
- Use biometric authentication where possible. Most modern mobile, laptop, and desktop computing devices support biometric authentication (e.g. FaceID and TouchID). Add something about yourself to your online accounts to make it even harder for a malicious actor to compromise them.