How can I secure my Case password?
The first step in keeping your password secure is to create a good (robust) one. For details, see the Case ITS Passwords page.
After you've created a strong password, continue with the suggestions below to keep it safe:
- Never share your password with anyone: It is against university policy to do so. This includes family, friends, significant others, computer support people, and bosses. If somebody calls you and asks for it for some 'official business' reason, they are probably trying to perpetrate a social engineering attack, or it is a test.
- Never save your password if prompted by your browser or any other program: For instructions to remove a saved password in Internet Explorer 6, see the Knowledge Base document "In Internet Explorer 6, how do I remove a stored password?"
- Change your password at least every six months: Some departments require a higher frequency of password changes based on the sensitivity level of data used. For instructions to change or reset your Case Network ID, see the site to change or synchronize my Case passwords. If your laptop is lost or stolen, change your Case Network password immediately!
- Never send your password in email, even if the request looks official: Not only is it against university policy (see the first suggestion in this list), but such requests are most likely phishing attempts.
- Make your computer's administrative password and your Case Network ID different: Besides your Case Network ID, you should also have an administrative password for your computer, and the two should be different. Note: If your Windows computer is a member of the Case Active Directory System, the two will be the same.
- Case Paranoid Geek (CPG) Tips: If you want to join the Case Paranoid Geeks:
  - Use a password management tool. See the Security Blog Article on this topic. We recommend an encryption-capable password management tool.
  - Never use an administrative account in Windows for your everyday tasks. Have two accounts: (1) an administrative account (not named Administrator) to do tasks such as installing and uninstalling software applications, running Windows Updates, installing Anti-Virus, etc.; (2) a local account with user privileges only that you use for email, web browsing, writing papers, IM, Facebook, etc. If you get an exploit on your computer, it is likely that it will execute with your user privileges, and you can avert the impact because you aren't using administrative privileges.