In many ways a password equals a signature, or in information technology terms, required credentials. Logging in to an electronic resource with a PawPrint/SSO ID and password certifies the identity and authorization to view or use the information or system being accessed. While this may seem trivial, many people don't consider the consequences of having a password fall into the wrong hands.
In addition to stealing or discrediting an identity, there are much easier things an attacker (or maybe even a friend) could do with a password:
Be aware of these and other methods used to trick you into handing out your password. There have even been cases where individuals pretend to be IT staff and ask for your password. As a rule, do not enter your password in suspicious websites and never provide your password to anyone. Your password protects your information and no one else should ever need it. Report suspicious requests that you receive to firstname.lastname@example.org. If you think you’ve fallen victim to one of these scams, please reset your password immediately. For information about resetting passwords go to doit.missouri.edu.
Passwords can be changed using the Create/Reset Password link in myHR [[http://myhr.umsystem.edu]] (for faculty/staff). Students can reset their passwords using their campus student services: myZou, PATHway, MyVeiw@UMSL or Joe'SS.
*MU and UM System employees can also use the Password Manager.
All MU and UM System employees must change their password annually. Employees of the University Hospital and Clinics and the Schools of Health Professions and Medicine must reset their password every 180 days. This mandatory password change will ensure all user passwords meet current security requirements as well as comply with best practices for password duration.
There are three types of passwords that can be used; Traditional Passwords, Passphrases, Paraphrases. Passphrases are the preferred method due to their ease of use and increased security.
Traditional passwords are one string of characters that meets the following requirements:
Must have eight to 26 characters and include at least one character from at least three of the following:
A password cannot:
An alternative to using a “password” is to use a “passphrase”. A passphrase is a sequence of words strung together to create a "password". To do this, you need to erase your traditional thoughts of building a password. Instead of worrying about how many characters your password needs to have, consider multiple words that can be combined to make a phrase. A passphrase is made up of four or five short words, put together in a way that makes sense to you. While your “password” may be longer (which makes it more secure), it will be easier for you to remember. Here are some examples:
"My dog just turned eight." = "MyDogJustTurn-D8"
"Look at all the snow today!" = "LookatAlltheSnow2day!"
"I love to go fast in my car!" = "Ilove2goFastInMyCar!"
Passphrases must meet all of the requirements of Traditional Passwords. One final tip, you should choose a phrase that you can easily remember; however to increase security avoid common phrases, lyrics, titles, and quotations. Your passphrase should be words that you put together and have meaning to you.
Another easy way to form a secure password that you can easily remember, it is to think of a phrase, song, poem, or sentence and use the first letter from each word. For example:
"I have owned my dog for 5 years!" = "Ihomdf5y!"
Paraphrases must meet all of the requirements of Traditional Passwords. There are also specific things you should avoid when choosing a password, including the following:
This includes cellular phones and Palm devices. It also includes a sticky note taped to your monitor pasted under your keyboard. These are common places where people keep their passwords written down and also common places where people would look to find yours. It is also a bad idea to choose the option to save your password when visiting Web sites or setting up an e-mail client — it is much more secure to enter the password again each time you visit. A forgotten password can be reset using the Three Questions Password Manager (myZou for students).
o A sent e-mail you did not create. If you notice an e-mail in your "Sent Items" folder that you do not remember writing or sending, it could be a sign that someone else has accessed your account.
o New icons, programs, files, or start menu items you did not create or install. Sometimes this can mean that you are a victim of spyware. However, this can also mean that someone has accessed your computer and made changes to its settings.
o Noticeable performance degradation. This is a possible sign of a password compromise, because a hacker could access your machine and cause some program or file to be running in the background, thus taking up computing capacity.
These can also be signs of various other problems, such as a worm/virus infection or a hardware issue. However, it's best to check everything out to make sure that you can identify what is causing the symptom. The Division of Information Technology Help Desk can assist you with any questions you may have.
If a password has been compromised or suspicious activity is occurring, change the password immediately and report the incident.