Passwords are the most vulnerable entry-point to our IT resources. Misuse of passwords, including negligence on the part of authorized system users, can provide hackers with a golden opportunity to compromise the confidentiality, integrity and availability of our systems.
Always keep your password a secret. Do not share your password with anyone; neither with supervisors nor assistants.
Memorize your password and avoid writing it down. Written passwords may fall into the hands of the wrong individuals unless properly secured. Please note that the University of Miami has a password policy that prohibits the sharing of your password; you may be held responsible for any actions taken using your username and password.
The Office of HIPAA Privacy and Security recommends the following best practices for passwords:
- Change your password often, for example, every ninety (90) days. Make changing your password a recurring calendar item so that you will not forget.
- Upon receipt of a “default” password, change your password immediately. Default passwords which have not been changed are one of the most common ways of compromising an account and/or system.
- Use hard-to-guess passwords: mix uppercase, lowercase, numbers and other characters, or misspelled words, for example, *HarDt0Gue$$*.
- Use a minimum of six (6) characters. The more characters you use for your password the more difficult it is to guess.
If you suspect your password has been compromised, please change it immediately. Notify your System Administrator immediately of any suspected compromise but do not divulge your password.
Posted February 14, 2005