Security

Passwords

Password Creation

You’re in good company if you are at the point where you want to set up one easy password for everything--but this potentially puts the security of the digital accounts that you use at very high risk. Easy-to-remember passwords can be too easy to remember. Often, your password is all that stands between sensitive information and hostile, thieving criminals -- also known as crackers, or black-hatted hackers.

Criminals are good at guessing passwords. This is why some systems auto-lock down your account after three attempts. Criminals also use software to guess at words, word combinations, and mutated words at the rate of millions of guesses a second. If they already know information about you, it will be even easier to guess.

They count on security fatigue. Did you know that in cases where password databases have been infiltrated, analysts find that common choices were “password”, “123456”, and “abc123”.

Though it may seem that an address, birthdate, pet’s name, telephone number, and similar options are better than 123, these are also too easy for criminals to discover. Your password should not reference information about you, especially if it’s online in your email, on Instagram, in a shopping account, and elsewhere on the Internet where it can be accessed.

What is a strong password? How can you outsmart intruders, and not yourself?

Strong passwords mix characters, typically numbers, punctuation marks, upper and lowercase letters. They may even include an international character or two. Depending on the permitted length, some experts advise passwords be at least eight, if not twelve characters long. The longer, the harder to guess.

Creating strong passwords from a security phrase or a mnemonic can help balance security with memory.

For example:

To use a security phrase, combine 3 or 4 words that would not belong together in a sentence. e.g. parallelweatherdeep.  Then consider applying a code to add complexity by using one you devised to substitute letters, numbers, and punctuation. e.g. p@r@ll3lw3@th3rd33p

Mnemonics. Identify a familiar phrase that you can remember, and use the first letter of each word to start a password. e.g. One if by land, two if by sea. = oibltibs Next, use use a code to add complexity. e.g. !0iBltiBs

Having created strong and memorable passwords, heed the advice of security experts: Don’t reuse a good password. Even if you choose a strong password, it may be leaked. Guard against it being discovered and used by an intruder to access other accounts.

Store your passwords safely. For instance, don’t save them in an email. Don’t share passwords. Others may not be as careful. And, when using a communal

computer, remember to log out of a private account before you walk away.

Antioch Employees:  You are responsible for maintaining security and confidentiality of information stored on systems and computers. Along with using strong passwords, we are asked explicitly not to share passwords and other types of account authorizations with others. Read the Acceptable Use of Electronic Resources Policy (8.101) to fully understand the guidance and responsibilities pertaining to this area.

Password Resets

AUDirect can be used by Antioch students, applicants, faculty and staff to quickly access a variety of Antioch University applications, services, and information. AUDirect uses your personal, non-Antioch email address to communicate information needed to perform password changes and User ID reminders. If you do not have access to this email account, or have not provided a personal, non-Antioch email address, you should contact the helpdesk at 866-662-0056 for all user id/password related issues. To set up access to AUDirect, follow the steps found here, download the AUDirect Password Reset guide, or watch the video guide. 

Avoiding Phishing Scams

Phishing is an e-mail fraud method in which someone sends out legitimate-looking email in an attempt to gather personal and financial information from recipients. Typically, the messages appear to come from well known and trustworthy people or organizations (e.g. the "Antioch Email Administrator") or Web sites. 

• Do not respond to a phishing attempt. Doing so only provides whoever sent the email with more legitimate account information.

• Antioch University IT Services will never ask you to go to an external (non-antioch.edu) web site to verify, upgrade, or enhance your email account.

• Antioch University IT Services will never ask you to send Antioch User ID or password to us or a third party.

• If you have concerns about a phishing attempt or you have received a recent phishing attempt involving your Antioch account, please feel free to contact us at 1-866-662-0056 (international callers please dial 1-937-769-1226) or submit a help desk ticket through AUDirect or https://helpdesk.antioch.edu/.

To report phishing in Gmail, click the drop-down arrow next to “Reply” and select “Report phishing.” 

More on Phishing:

https://support.google.com/accounts/answer/75061?hl=en

Malware

Short for malicious software, malware is any software used to disrupt computer operation, gather sensitive information, or gain access to private computer systems. Common forms of malware include viruses (a type of malware spread by automatic copying from disks or computer networks and intended to interrupt or destroy the functioning of a computer), worms (a type of computer malware that replicates itself onto other programs, commonly used with email messages allowing it to move from file to file and computer to computer), and Trojan horses (a type of computer malware that is disguised to be a known or useful program but contains unexpected or harmful program codes that are activated when it is used). 

All Antioch University-owned computers have anti-Malware software installed on them before they are deployed, including all computers in the various computer labs and libraries at all our campus locations. This software automatically updates and should not be tampered with or disabled. If you have problems with the anti-Malware software installed on an Antioch University-owned computer, please consult a member of the IT Services staff or contact the Help Desk.

Regarding privately owned computers and electronic devices, you are strongly urged to install anti-Malware software (if you have not already done so) and keep it up to date. Recommendations for anti-malware software can be found on the Minimum Computing Requirements page.

Physical Security

Some common sense suggestions for protecting hardware, programs, and data from physical circumstances and events that could cause serious losses or damage:

• • Never leave your portable electronic devices (including cell phones) unattended unless absolutely necessary, then place them out of sight in a secure area.

  • Lock your office door, cabinets, and cubicle storage areas when not in use.  Most laptops are stolen from their owner's office, while the owner is on a break or at a meeting. Consider investing in a laptop cable lock.

  • Use a low-key shoulder bag, briefcase, or backpack for your laptop that provides adequate padding to prevent damage due to bumps and drops. Avoid expensive bags that scream, "laptop inside!" and look "pretty" or "cool" but don't protect your laptop from damage.

  • All computers should be set to require a user password to log on.  

  • Note to Antioch employees: this is true of all Antioch-owned computers when you receive them.

  • Configure your Mac, Windows, or Linux screensaver to require a password. To quickly lock the screen on your PC with Windows 7, press the Windows logo key on your keyboard+L. On a Windows 8+ computer, open Start, then tap or click your account picture in the upper-right corner, and then choose Lock. To do this on a Mac, simultaneously press the following keys: Control + Shift + Eject. If you have a newer Mac that doesn’t have an optical drive (and thus has no eject key on the keyboard, such as the Retina MacBook Pro), the command is Control + Shift + Power.