Creating a safer password
Here are some general rules for creating a safer password:
- Change your password frequently. People hate to hear this tip, but the fact is, most passwords will not be “cracked” or “guessed”, they will be stolen from an infected machine or a compromised website. Changing your password often gives a shorter period of time for an attacker to use your compromised password.
- Make passwords unique. When you change your password, consider it retired; attackers typically keep collections of old passwords that they routinely test in the hopes that someone reused them.
- Make passwords unique. Add something to your password that customizes it and makes it different for each website or service account you use so a compromised password only works on the compromised site.
- Create strong passwords. The longer a password is, the longer it takes an attacker to guess it; with current technology, an attacker can guess EVERY combination of an eight character password in 6 hours. You should use passwords that use different character types including upper/lower-case, numbers and symbols.
- Avoid obvious dictionary words. Anything related to your normal life (job, hobbies, pet names, etc.) should be excluded from your passwords. An attacker might build a dictionary that is custom tailored to contain words related to information they gathered about you.
One way to use these rules is by using passphrases versus a password. Here is one way to create one:
- Start with a long phrase that you'll remember. This can be anything — such as a favorite song, poem or title. For example, we'll use a line from the UAB Alma Mater:
- Make some memorable changes to the passphrase. In our example below, we removed the spaces, added a symbol, and replaced the word "to" with the number "2."
- Make the password unique and memorable. Returning to our example, we'll add the first three letters of the web site where the passphrase will be used and something different like the number of letters in the name.
facebook.com = Fac8praise2theeourUAB!
- eNotify Identity: Used for sending BlazerID password reset code, and for employees to receive alerts when direct deposit, tax withholding or personal information is updated via Oracle Self Service.
- UAB IT web site: General IT announcements, information and help
- Acceptable Use of Computer and Network Resources Policy
- Oracle Self Service: Update your direct deposit, tax withholding or personal information.
Reporting suspicious messages used to be a multi-step process for UAB users, but now you can report a suspicious message with a single-click. For those users on a Windows or Mac system who use Microsoft Outlook, UAB Information Security has partnered with PhishMe Inc. and made PhishMe Reporter available to all UAB users. PhishMe Reporter is an add-on software “plug-in” to Microsoft Outlook that allows for one-click reporting of suspicious emails.
One of the most effective ways for a cyber-attacker to compromise an organization’s cyber resources is to gain unauthorized access by compromising an account through phishing emails. In fact, industry experts report that 91 percent of all breaches start with phishing emails. If such an email lands in a UAB inbox, we are just a few clicks away from having UAB’s security compromised. This means UAB students, faculty and staff are all an integral part of our information security posture.
In an effort allow our users to become familiar and more resilient to tactics used in real phishing attacks, UAB Information Security will be working with PhishMe Inc. to send out fake phishing emails to our students, faculty and staff that imitate real attacks. These emails are designed to give you a realistic experience in a safe and controlled environment.
Please note, that we will not be receiving nor storing any passwords, there is no penalty to falling victim to one of the simulations, and victimized users will not be singled out. However, we do ask the users who have fallen victim to the phishing email to take 30-60 seconds to review the education material that is presented after falling victim to one of the simulated attacks.
Keeper is a password management application. It stores your login credentials for different websites so they are easily accessible to you while still being stored securely when not needed. Instead of having to remember all of your login credentials, you only need to remember the one master password for your Keeper Vault.
Keeper is available to UAB staff, students and faculty. It is not available to UAB Hospital staff at this time.
To create a Keeper account and start your vault:
- Register with Keeper here.
- Create a master password that is not the same as your BlazerID password. When creating your Master Password, Keeper requires a 15-character password length with one special character (e.g. !@#%), one uppercase letter, one lowercase letter and at least one number. Ideas for secure passwords are available here. Note: Your browser may prompt you to save your Keeper Master Password. NEVER allow the browser to save your Keeper password.
- To complete the registration process, you will need to enter your @uab.edu email address, and set a Master Password along with a "Security Question and Answer." Keeper offers you the ability to choose between one of their security Q&A or you can create your own.
Install the browser extensions available for Chrome, Firefox, Safari & Internet Explorer here. These extensions allow Keeper to automatically create entries in your vault for credentials you enter into different websites. It also allows Keeper the ability to automatically enter credentials for sites for which you have saved entries. For example: If you have saved credentials for Facebook in your Keeper Vault, Keeper will offer to enter those credentials when you visit Facebook.com.
Download the Keeper Vault for your Desktop (Mac, Windows, Linux) from here.
Download the Keeper App for your mobile devices.
The past year has been a productive one for the Faculty Profiles system. Since the first of year, UAB has activated the Faculty Profiles Reporting module for all departments and schools currently using the Profiles system. These reports include new Faculty Evaluation reports and more than 30 Custom Reports that faculty can use to report on all aspects of their profile. In the last few weeks, UAB has also released Aggregate Reports that can be used by chairmen, deans and their administrative delegates. In June, the School of Health Professions used Faculty Profiles for their faculty performance evaluations.
Starting last month and continuing into September, the Faculty Profiles team is training all faculty members and their staff who are taking part in T32 grants. This will add more than 500 new faculty members and their delegates from the Schools of Medicine, Health Professions, Nursing, Public Health, Dentistry and Optometry. We continue to evaluate ways to assist them with their T32 data requirements.
Also trained this year were Art & Art History, School of Dentistry, and School of Public Health. All trainings in total added more than 800 new faculty and staff to the system.
On Aug. 23, the Faculty Profiles team had an exhibit at the School of Education Faculty Resource Fair down at Region’s Field. The team demonstrated the tool, including the new reporting function, and answered questions.
Currently in development are the ORCID and VIVO integrations as well as the upgrade to Elements from 4.17 to 5.1, which will facilitate an even more friendly user experience.
UAB IT's Research Computing division will host a Research Computing Day on Sept. 14, giving faculty, students and staff an opportunity to find out what research work is being done using the resources supported by UAB IT.
The Research Computing Day will also highlight trends in research cyberinfrastructure, with industry leaders participating in the discussion.
"UAB researchers will be able to share how they are using campus cyberinfrastructure to enhance their research, gain new insights from peers and industry experts and contribute towards the growth of research infrastructure at UAB," said Dr. Puri Bangalore, interim director of research computing at UAB and assistant director of the UAB Center for Information Assurance and Joint Forensics Research.
Research Computing Day will be held from 8:30 a.m. to 2 p.m. Sept. 14 at the Hill Student Center, ballrooms C and D.
The event is open to all UAB faculty, staff and students. There is no registration fee; however, seating is limited and registration is required. Complete registration here.
UAB IT has scheduled the outage while classes are out of session to lessen the impact on campus.
The UAB Hospital network will not be affected by the outage.