If you keep track of your passwords by writing them down or have them in a spreadsheet, you need to read this.
A password is required to do many things online at Colby and at other sites on the Internet, from retailers to banks. By now, everyone should know the basic rules of the road for managing passwords and accounts:
- Use strong passwords—a good password is either complex (with numbers, upper and lower case letters, and symbols) or longer than 18 characters. Avoid using dictionary words, or things that would be easy for someone to guess.
- Use a unique password for every accounts—this is important because if someone were to obtain one of your passwords, they could use it to access other accounts.
- Never provide password to anyone— Phishing emails are notorious for asking you to log into a webpage using your username and password or face some threatening action of you don’t.
- Never store your password(s) in a file on your computer, or anywhere.
- Consider changing your password—the best way to prevent someone from using your password is to change the password.
A very common problem with using strong, different passwords for every account is remembering all of the passwords and which accounts they are for. Colby ITS’ Office if Information Security recommends using LastPass, an on-line password manager. The service allows for the secure generation, storage, and even sharing of passwords and account information with other LastPass users. LastPass offers a free version for personal use, and Colby administers enterprise accounts for Faculty and Staff with a business use case.
Here is what you need to know:
- Colby ITS will issue and administer LastPass accounts only for employees who have a work-related need for account/password management. Examples of this include accounts/passwords for external sites and services, such as merchants, support, and finance.
- If you do not meet this criteria, LastPass offers a free account for personal use.
- A Colby-issued LastPass account requires the use of a second authentication factor, such as a smartphone (Google Authenticator) or a Yubikey. ITS also recommends that a second factor be used for personal accounts.
- Personal data should not be stored in a Colby-issued Last Pass account because if you change positions or leave Colby, the account will be retired along with all data within it. Personal LastPass account(s) can be seamlessly linked to your Colby-issued account by following these instructions.
For more information on Last Pass or to request a Colby-issued LastPass account, please contact the Director of Information Security, Chad Tracy at firstname.lastname@example.org or 859-4199.