Lock Down Your Login!

Tanya Jansen's picture

Over the past year, UCSF IT has rolled out several new initiatives to help lock down your login. We are taking these steps not only to protect our data and IT systems but also to protect you from the negative consequences of being part of a data breach.


Security Logn


UCSF IT leadership is asking you to strengthen your data security and password management practices and has provided tools to assist you in this endeavor, including:

Be sure to click on each of the above links for more information, as the “Lock Down Your Login” quiz questions will test your knowledge of both this article and the information contained at each link.

Some additional tips to make your digital life more secure:

  • Never reveal your passwords to others. You wouldn’t give your ATM card and PIN to a stranger and then walk away, so why would you give away your username and password? If someone is asking for your password, it’s a scam. Nobody needs to know your credentials but you — not even the IT department.
  • Use different passwords for different accounts. That way, if one account is compromised, the others may not be at risk.
  • Use multi-factor authentication (MFA) like Duo. Even the best passwords have limits, and multi-factor authentication adds another layer of protection in addition to your username and password. Generally, the additional factor is generated by a token or a mobile phone app to confirm that it’s really you who is attempting to log in. Learn more about MFA and how to turn it on for many popular websites at
  • Make passwords that are hard to guess but easy to remember:
    • To make passwords easier to remember, use sentences or passphrases. For example, “itsnotsecrewithoutu”. Some systems will even let you use spaces (e.g., it is not sec re without u).
    • Avoid single words or a word preceded or followed by a single number (e.g., Password1). Hackers will use dictionaries of words and commonly used passwords to guess your password.
    • Don’t use information in your password that others might know about you or can find in your social media content (e.g., birthdays, children’s or pet’s names, car model). If your friends can find it, so can hackers.
    • Complexity still counts. To increase complexity, include upper and lower case letters, numbers, and special characters. A password must use at least three of these choices to meet the Unified UCSF Enterprise Password Standard. To make the previous example more secure: “It’s not sec re Without U !”
    • Length trumps complexity. The longer a password is, the better. Use at least 16 characters whenever possible. The Unified UCSF Enterprise Password Standardrequires at least 12 characters.
  • Use a password manager. Password management tools (also known as password vaults) are a great way to organize your passwords. They store your passwords securely, and many provide a way to back up your passwords and synchronize them across multiple systems. IT is currently providing support for Keeper Password Vault.
  • Never use a public computer to log onto a private account.

If you think your password has been compromised, contact the UCSF IT Service desk by calling 415-514-4100.

Click Here to take a short quiz and win a prize! The prize for passing this quiz is a Post-It note pad with a reminder to not write your password on it. One person will also be selected for the grand prize: a PacSafe.Com secure backpack (see picture below).

Post-it notes

Everyone who passes wins a cool post-it note pad!


One grand prize winner will receive a Pacsafe Backpack. Click on the picture for more information.

Additional Resources: