Policies And Forms
Security Incident Reporting
Server and Data Classification
IT Purchase And License Requests
Digital Millennium Copyright Act
Register Your Computer at UMSL
General Security Practices
Protecting Your User Accounts
Your user accounts are the “key” protection for your digital information. Whether that data is stored on your computer at work, at home or in the cloud, chances are it is protected with a username and password. If criminals get access to or hack your password, they could then have access to all of your information. Below you will find some tips to better protect your accounts or “keys”.
Use a long/secure password
The University minimum standard for password length is eight (8) characters containing a mix of different character types -- letters (upper and lower case), numbers, punctuation marks, etc. However, we recommend a longer passphrase of 15 characters or more - they provide a significantly higher level of protection.
A good strong passphrase can be generated from a quote, poem or lyric that is easy for you to remember - but too long to be cracked by common brute-force techniques or to observe by shoulder surfing.
Do not reuse or share passwords
It is extremely important to use a different password for each account you have. If one account is compromised, then all accounts sharing that set of credentials are at risk! So, if you use the same password for your Gmail account as you do for your Amazon account, if your Gmail account gets hacked, they can now go to amazon and start buying things.
Never share your password with anyone. No one needs it except you. A shared password is not a secure password.
Use Two-Factor Authentication (2FA)
Two-Factor Authentication (2FA) provides a second layer of protection for your account. Your password is one layer along with a series of questions or a passcode sent to a known phone or email address as a second factor.
The University of Missouri system is currently implementing a 2FA system called SecureAuth. This SecureAuth toolkit will provide a second layer of password security to your UMSL account by requiring an additional authentication method for users to gain access to IT systems. Right now, we are just getting users registered.
Register with the Secure Authentication Toolkit.
For additional information, visit our Frequently Asked Questions webpage.
Use a password management application
A password management program (link is external) can help you to maintain strong unique passwords for all of your accounts. These programs can generate strong passwords for you, enter credentials automatically, and remind you to update your passwords periodically.
These are great tools to help you remember and organize your personal passwords. There are many different password management tools available for free for your personal use. Lastpass (link is external), KeePass (link is external) and 1password (link is external) are all good tools to use but there are others too. (We do not have contracts with above companies to purchase these tools through the University, but you can obtain them personally. There are paid and free versions available)
Check web site security
When logging into websites, email, or other services, check that the site is secure and your credentials are encrypted. A secure URL for a website starts with "https://" and your browser will display a lock icon in the address bar.
Also be sure that the site is authentic - beware when the browser displays a red slash through the lock icon or gives certificate warnings.
If the website does not offer a secure login, be aware that the password you use could be intercepted.
- Don't give your password to ANYONE. A legitimate system administrator should NEVER request your password by email or over the phone.
- Don't use a password containing information about you, such as birthday, favorite movie, etc. that someone who knows you could guess.
- Don't type your password while using someone else's personal computer or untrusted public kiosks. It is relatively easy to steal someone's passphrase by installing a keylogger on a computer and then letting someone use the computer.
- Look out for "shoulder surfers" when typing your password, much as you would do when typing your PIN number at an ATM.