Password Reuse - Helpful Tips for Cyber Security Awareness Month

This notice is from the archives of The Notice Board. Information contained in this notice was accurate at the time of publication but may no longer be so.

October is Cyber Security Awareness Month and IT Services would like to give you some tips and reminders on how to stay safe online.

What do you mean by password ‘reuse’?

Passwords are used all over the internet and you likely have many different ones to access services such as your email, banking, online shopping, as well as University of Lethbridge sites.  Password reuse is when the same password is used for multiple services. Password reuse across multiple sites creates major security risks for you and for the University. If a website is compromised and an attacker steals your credentials to gain access to one account, they can also log into every other account that uses the same password.  

How does this happen? 

Sites around the internet are compromised by cyber criminals who steal multiple user credentials. These cyber criminals will then attempt to use that information to log into other websites. In other cases, these credentials, including usernames and passwords, are ‘dumped’ on the internet for unlimited access by other cyber criminals.   

What is the risk? 

If you are reusing your University of Lethbridge password on websites that are compromised, cyber criminals will potentially have access to all your University services. This problem is amplified if you are using your University email for personal accounts, such as online banking applications, as attackers could use the email address to reset login details and gain access to these accounts. Besides being a personal risk, password reuse puts the University at risk of account abuse and significant data breaches and loss.

Are we at risk?  Are you at risk? 

The University has never been subject to a cyberattack that has compromised multiple user credentials, and we have an Information Security team that works diligently every day to mitigate probable threats. Using available resources, the Information Security team has identified and reset over 290 passwords since August 2019 because they were found to be in use both here at the University and across multiple sites. Cyber criminals are becoming more sophisticated and savvier, which means that we need to stay a step ahead and ensure that we aren’t providing easy access to our own information.

Tips for password security: 

There are some best practices you should follow to prevent possible damage from password reuse:

  • Only use your University password for your University account. Personal passwords should never be used for work services, and vice versa.  

  • Always use a different password for online banking and other websites.  

  • Websites such as Have I Been Pwned allow you to keep an eye on your email and password security.

  • Use a password manager to automatically generate, store and retrieve passwords. Some password managers to consider: 

      - KeePass (Free)
      - LastPass (Free and Premium)
      - Dashlane (Free and Premium)
      - RoboForm (Free and Premium)

For more information

To get more information about passwords and the latest information security now affecting the University, please visit the Information Security Office communication site at: https://uleth.sharepoint.com/sites/information-security-office.


Contact:

Kevin Vadnais | kevin.vadnais@uleth.ca | uleth.sharepoint.com/sites/information-security-office