The basics of this standard include:
- minimum/maximum length requirements for BlazerID passwords/passphrases
- password/passphrase expiration intervals
- restrictions on reusing the same password/passphrase for the six previous intervals
- password/passphrase complexity requirements
- system logging of failed attempts to log on
- disabling of unused accounts after a specific interval of non-use
- requirements for credential encryption while in transit
- several other recommendations
An official copy of this standard can be found in the UAB Policies and Procedures Library and on the UAB IT Information Security website in the IT Related Policies and Guidelines page.
The recent spam email messages are crafted to look like they came from one of several legitimate companies such as Chase Bank, the Better Business Bureau (BBB), Department of Treasury, Dun & Bradstreet Financial Services or a wire transfer company. You should be aware that these emails are forged and that none of the information included in the email can be trusted including embedded links, e-mail addresses or phone numbers.
Here are some of the common email subject lines we have seen in this spam campaign:
• FW: Company 2013 Report
• Incoming Wire Transfer Notification
• D&B iUpdate: Company Order Requested
• Department of Treasury Notice of Outstanding Obligation – Case ######
• Better Business Bureau Complaint Case #######
• Merchant Billing Statement
• ACTION REQUIRED: A document has arrived for your review/approval (Document Flow Manager)Tweet
Because your BlazerID password is used to open the door to many services and features on the UAB network, it is vital that it be strong enough to resist guessing by casual means. Someone breaking into your UAB records can be the first step toward identity theft which is being well-publicized now. To be sure you have a strong password, make sure it follows these rules:
The first step in keeping your password secure is to create a good one. After you've created a strong password, continue with the suggestions below to keep it safe:
- Never share your password with anyone.
This includes family, friends, significant others, computer support people, and bosses. If you need someone to read your email, you can have that person do so without using your password by using the delegates feature in MS Outlook.
- Never save your password when prompted by your web browser or any other programs.
You can turn this option off in Internet Explorer (Tools -> Internet Options -> Content -> AutoComplete) & Mozilla (Tools -> Options -> Security).
- Change your password regularly.
To change your BlazerID's password, click here.
- Make your password easy to remember, but hard to guess.
Use a lyric to a favorite song, for example:
"How much is that doggie in the window":
For more security, add a capital letter & convert an 'i' to a '1':
- Never send your password via email - even if the request looks official.
Any request to send your password via email is most likely a phishing attempt.