Create strong passwords
As more of our lives is conducted online, the threat of being compromised or falling victim to a cyber attack increases. Identity theft and online fraud incidents often begin with a simple password being accessed, so it’s important to understand the dangers and what you can do to improve your password security.
Your RMIT password unlocks a wide range of systems and applications that provide access to research data, intellectual property and confidential information.
A strong password is one of the most important precautions you can take in protecting you and your information. Weak passwords are easily cracked by dictionary and brute force attacks, which can leave you vulnerable to hackers and the damage they can cause. Access to this kind of information puts universities at increased risk of a malicious attack. It also leaves you at risk of attackers using your identity to access bank accounts and set up credit cards. Keeping your password secure and well managed is the first line of defence in preventing this.
Today’s cyber criminals are increasingly sophisticated and will use different ways to gain access to password. This includes:
Phishing emails look like they come from a trusted source but are used by scammers as a way of obtaining login details. Typically, phishing emails ask you to click on a link to verify your username or password. The link takes you to a fake webpage that’s designed to look just like the real thing. Any details you submit on the page are captured and able to be used by an attacker.
This method attempts to trick users into downloading malicious software or spyware onto their device. Once downloaded, the programs are capable of covertly recording the keystrokes made on your keyboard, including your password, and passing that information on without your knowledge.
- Brute force attack
This is where an attacker already knows the login ID of a target and tries to hack the account using every possible combination of password. Dictionaries are generally consulted as a source, so a long and strong password is the best defence in this instance.
- Special knowledge or access attack
This is where an attacker may know information about you and tries to guess your password based on this knowledge, such as information shared on social media. It also covers shoulder surfing (which is when someone looks over your shoulder as you type your password).
When you start out at RMIT you’re provided with a default password that should change immediately.
RMIT passwords should:
- Be 8-25 characters in length
- Contain a mix of uppercase, lowercase, numeric characters and symbols
- Not include part of your name or username
- Be significantly different to any previously used password
- Be changed every 180 days
Remember never to disclose your password to anyone -- even temporarily. Do not write it down and leave it where others might see it. Your RMIT login details give access to valuable information -- keep them secure.
The easiest way to make a password more secure is to make it longer. While generally the longer, more secure and unique you make a password, the harder it is to remember. Using a passphrase is one way to get around this issue.
So what’s a passphrase? It’s where you take a personally memorable sentence or phrase and turn it into a password using the letter of each word and a different mix of characters. The idea is to create something that makes sense to you but looks totally random.
For instance, a phrase like “The Dees will win the Grand Final by 10 points!” might become “TheDee5willwintheGFby10pt5!”. It’s an easy to remember long password that’s hard to crack.
Other tips to remember:
- Avoid predictable password patterns, such as an upper-case character at the start and a numeric at the end.
- Be aware what information is available about you in the public domain, online or on social media. Hackers will research to gain an advantage so don’t overshare important details and make it easy for them.
- Remember to set up your RMIT self service details online. It means you’ll be able to reset your password if you ever forget it, from anywhere on any device.