How can I secure my Case
The first step in keeping your password secure is to
create a good (robust)
one. For details, see the Case ITS Passwords page.
After you've created a strong password, continue with the suggestions
below to keep it safe:
- Never share your password with anyone:
against university policy to do so. This includes family, friends,
significant others, computer support people, and bosses. If
somebody calls you and asks for them for some 'official business'
reason, they are probably trying to perpetrate a social
engineering attack, or it is a test.
- Never save your password if prompted by
any other programs: For instructions to remove a saved
password in Internet Explorer 6, see the Knowledge Base document In
Internet Explorer 6, how do I remove a stored
- Change your password at least every six
Some departments require a higher frequency of password changes based
on the sensitivity level of data used. For instructions to change
or reset your Case Network
ID, see this site to
synchronize my Case passwords. If you had a lost or stolen laptop,
change your Case Network password immediately!
- Never send your password in email, even if
looks official: Not only is it against university policy (see
the first suggestion in this list), but such requests are most likely phishing
- Make your computer's administrative
and your Case
Network ID different: Besides your Case Network ID, you should
also have an administrative password for your computer, and the two
should be different. Note: if your Windows computer is a
member of the Case Active Directory System, the two will be the same.
- Case Paranoid Geek (CPG) Tips: If
you want to join the Case Paranoid Geeks:
- Use a password manangement tool. See the Security
Blog Article on this topic.
We recommend an encryption capable password management tool.
- Never use an administriative account in Windows for
your everyday tasks. Have two accounts: (1) an administrative
account (not named Administrator) to do tasks such as installing and
de-installing software applications, running Windows Updates,
installing Anti-Virus, etc. (2) a local account with user privileges
only that you use for email, web browsing, writing papers, IM,
Facebook, etc. If you get an exploit
on your computer, it is likely that it will
execute with your user privileges, and you can avert the impact because
you aren't using administrative privileges.