Frequently Asked Questions - Security :: Passwords

Printer-friendly version

Sometimes it takes a while for your new password to synchronize with all the applications you use, so try waiting an hour or rebooting the system first to see if that fixes things.

If you're trying to access Gmail or Google Apps through myHumboldt or at webmail.humboldt.edu and you're ending up on the bare Google Apps login page rather than the myHumboldt login page, you may be able to fix this by simply restarting your browser. If that doesn't resolve the issue, your best option is to clear your browser cache and cookies, enabling the whole process to make a clean start. If you're seeing a specific error message, check out these possible solutions.

If you're accessing the network from an iPhone and you're seeing an "incorrect password" message every time you try to log in, your old password is still stored on the phone. Follow these instructions to change the password in settings.

 

Printer-friendly version
  • Never store your passwords in a regular document like Microsoft Word or Excel - use a password manager
  • Never send passwords in an email to anyone.
  • Change your passwords regularly.
  • Abide by password policies; they are there for your protection.
  • When you send email, do not give your email username. It’s half of the equation to getting your login credentials.
  • Never share passwords.
  • Never write down passwords on a piece of paper unless you stored it in a locked cabinet or safe.
  • Always make your password a strong password.
Printer-friendly version

You can outsmart the hackers and keep your information safe by following some common sense rules:

  • Don’t write down passwords. If you must, keep them under lock-and-key; like a fireproof safe.
  • Once is enough. Don’t use any form of your last password more than once.
  • Don’t just add one last character to make a new password. DON’T do this: *Uz18hm1 to *Uz18hm2, etc.
  • No dictionary words, proper names, or slang.
  • Use an easy to remember phrase and turn it into a password. For instance, “Twinkle twinkle little star how I wonder what you are” becomes “Ttlshiwwya”. Make it a strong password by adding a symbol and numbers: “Ttlshiwwya#8”. This is your best bet.
  • HSU user names should never be used for accounts elsewhere or as part of a password.

There's a useful password strength tester online at http://www.passwordmeter.com. Bookmark this site and use it every time you change or add new passwords.

Printer-friendly version

Using simple passwords increases your risk of getting hacked. Hackers typically use computers and program robots (bots) to increase the odds in their favor. Computers are ideally suited to mindless tasks like trying one password combination after another.

Any password that can be hacked in less than a day is too weak. The longer it takes to crack a password, the more likely the hacker will move on to an easier target. The use of strong passwords increases the odds in your favor. If you are curious about your password creation savvy, you can test password complexity by going to www.passwordmeter.com - it will give you a feel for what works and what doesn’t.

Printer-friendly version

Sophos, the company that provides HSU with virus protection software, recently analyzed a series of security breaches to determine the most common passwords (all of which, and more, were stolen in the breach). Here are just the top 20 most frequently used:

123456
password
12345678
lifehack
qwerty
abc123
1111111
monkey
consumer
12345
0
letmein
trustno1
dragon
1234567
baseball
superman
iloveyou
gizmodo
sunshine
 
You can see the complete list on Sophos' web site.

And it's not just the headline-grabbing data breaches that put passwords in the hands of the bad guys. Malware like the infamous Conficker worm actually had lists of commonly-used passwords built into them - and have used them to try to spread further.

Whenever hackers see the same password used in multiple places, they add them to their dictionaries. So if you use any of these passwords, or ones like them, change them NOW.

Printer-friendly version

Hackers use five basic methods for obtaining passwords.

  1. What’s your password? The easiest way to get a password is to simply ask. People often share their passwords with technicians, colleagues, friends, and family. Even having a secure password isn't going to change this because you gave away your insurance. When it comes to passwords, don’t be a sharer, ever, with anyone.
  2. Guessing game. People naturally choose a password that's easy to remember. The easiest ones are those that relate to you as a person - things like your last name, pet's name, spouse’s name, birthdays, favorite car, color, food, etc. Unfortunately for you, these are also really easy things for a hacker to find out about you.
  3. Computer aided brute force and common word attacks. Hackers use programs that attempt to sign in to your accounts using different character combinations one at the time until it gets lucky and finds a match - the kind of boring, repetitive task for which computers are ideally suited..
  4. Dictionary attacks. This is the same general concept as 3 above - the only difference is that the hacker is banking on your password being a word that's in the dictionary.
  5. Password-cracking software. There are free password recovery tools that retrieve passwords stored on a computer; these were originally developed to help system administrators retrieve forgotten passwords, but of course they are equally adept at doing this for hackers. Administrator passwords are the gold-standard for password-cracking software, because it gives them access to absolutely everything.

 

Printer-friendly version

You wouldn’t leave your front door key under the mat for strangers to find so they could walk in and help themselves to whatever they wanted. It’s just as unwise to have weak passwords that could let digital thieves do exactly the same with your online banking, shopping, investment, tax, and credit card accounts. And it's not just your main computer that can allow access to this vital information - your wireless routers, tablets, smartphones, and other devices all have associated passwords that put the safety of your digital world at risk.

Printer-friendly version

That's where those security questions you provided when you activated your account come in handy. HSU offers a simple way to reset your password if you lose or forget it, but you will need to provide the answers to your security questions so that we know we're providing access to your account to the real you, not someone who's posing as you.

Printer-friendly version

This is always a challenge, so we've created some guidelines and helpful hints that should make it easier for you to come up with a strong password that works for you.

Printer-friendly version

If you don't set a new password before the old one expires, you won't be able to log into your HSU email, Moodle, or anything else on the network that requires password access. But all is not lost. You can go to www.humboldt.edu/reset to apply a new password to your account. You'll need to answer some security questions to verify your identity; if you haven't already included security questions in your Account Center profile, take a few minutes to do so now, before it's too late.

Printer-friendly version

You'll receive your first reminder email 14 days before your password expires, and again 7, 3, 2, and 1 day before the deadline. That should be plenty of time for you to make the change.

Printer-friendly version

The requirement for regular password change is part of a larger HSU effort to make campus computing systems more secure. Even the strongest password gets weaker over time as password-cracking systems become more sophisticated.

feedback