Keep your accounts secure
Secure accounts help keep information secure and available
Usernames and passwords are used to:
Each account represents a single person and what the account is used for is a reflection of the person to whom it belongs. Here are a few ways to secure your accounts.
Never share your password
If you share your password with someone, and that person intentionally or unintentionally causes a problem with the computer system using your login and password, you will be held accountable - not the other person.
Insist that everyone get their own accounts, use software that was designed for multiple users, or explore options such as group membership permissions or shared access controls.
In some situations, a password is shared among several users when it grants access to a shared resource. In these cases, your password should never be shared with anyone not known to have permission to the shared resource. If it is later determined that one or more persons no longer have access to the shared resource, the password must be changed and distributed only to the remaining users. If the need for a shared password is no longer necessary, then its use should be discontinued immediately and either the account removed or the password changed.
Never let others watch while you type your password
Log out properly
When logging out of an account, don't walk away from the computer until you are sure that you have logged out completely. When using a shared computer, such as at a computer lab or cafe, close all browser windows - even if the system notified you that you are logged out - just in case the browser has been set to cache web pages. Try logging into your bank account, then log out, then select the browser's Back button once or twice. Can you see your account information?
Choose a good password
Change your password regularly and never reuse it
This significantly decrease the chances of brute force attacks succeeding. Unfortunately, not all UCSF systems enable you to change your password. Contact your department or your CSC if you have questions regarding passwords changes and what systems share authorization processes. Avoid using the same password for more than one account.
Don't use untrusted computers
Do you know who owns or maintains the computer you are using? Are you sure that the computer is free of spyware, monitoring programs, or devices used to record every keystroke? Secure passwords and encryption are of no use if the computer is secretly recording everything you type. Before entering any account information into a computer, you should be reasonably sure it is secure and vulnerability free. Be especially careful of internet cafes, shared access computers (like those found in a hotel lobby), computers that appear very slow, and computers with outdated software.
Store your password securely
Avoid writing passwords down on paper, which can be lost, forgotten, or stolen. Instead, use a password manager. Avoid storing passwords in electronic devices or documents that are unencrypted, and be aware of what password recovery tools can do.
The most secure way to store a password is to memorize the only copy of it.
Using a password manager means you have to remember only one master password which grants you access to all your other passwords. If your password manager file is lost, forgotten, or stolen, all your passwords still remain encrypted and protected.