Protecting Your Account

Employees and Students are issued a University Account

All users are expected to be responsible in keeping their university accounts (email, school WiFi, online systems) secure. With this, there should be no sharing of passwords, improper use of your account should be avoided, and antivirus and other software on your devices must be updated.

Please be reminded that if someone else gets your password, they can not only see and possibly destroy your files, but also perform other illegal activities in your name.

How to Keep Your Account Secure

Use strong passwords for your accounts.

You may refer to the following guidelines for password creation:

  • A strong password is hard to guess, but it should be easy for the user to remember—a password that has to be written down is not strong, no matter how many of the characteristics below are employed.

  • DO USE a combination of uppercase and lowercase letters, numbers, and non-alphanumeric characters (e.g. punctuation marks, spaces).

  • DO USE different passwords for different accounts.

  • DO NOT use any personal information (e.g. names, birthdays, phone numbers) in any form (e.g. capitalized, reversed).

  • DO NOT use any words straight from a dictionary. Instead, insert extra characters randomly in the word.

  • DO NOT use passwords that are a sequence of keys on the keyboard (e.g. qwertyui, 12345678).

  • DO NOT use recycled passwords.

  • Have a unique password for every account.

Make use of Passphrases

  • a passphrase is a longer version of password but still keeping in mind the characteristics of a strong password mentioned above.

  • A passphrase can be a song lyric, quote, movie title with uppercase, lowercase, numbers and special characters intermixed in it e.g. the series What’s Wrong with Secretary Kim? will be “W#@t’s Wr0ng W1th $3cret@ry K!m?” or the lyric “Sugar, we’re goin’ down swinging” can be “swgd$w1ng!n6”



For more tips on how to create a strong password, check out this link: https://www.tylercybersecurity.com/blog/what-makes-a-strong-password-and-six-steps-to-create-one

Enable two-factor authentication (2FA) on your social media and email accounts.

What is Two-Factor Authentication (2FA)?

Two-Factor Authentication (2FA) is a two-step process to verify the identity of the user using another email address or mobile number. It aims to provide increased security for both the user's account credentials and the information or resource being accessed.

How does it work?

  1. When you sign in to Google, you will be asked to provide your password.

  2. As a second layer of verification, you will have to click on a verification link sent via email, or enter a security code sent to you via text message, voice call, or through a mobile app.

To set up 2FA for your Google account, please follow the steps on this link: https://www.google.com/landing/2step/

Source: Google Support - 2-Step Verification

3. Be responsible and manage your password/s.

  • Change your passwords regularly. It is encouraged to change passwords every 90 days. Come up with a password that is as strong as (if not stronger than) the previous one, but is not difficult for you to remember.

  • Change all default passwords as they are simple and usually easy to guess.

  • Do not share your password. Make sure that recorded passwords are not stored in unsecured documents or unprotected files that can easily be accessed by other people.

  • Have a unique password for different accounts. This will ensure that if one account is compromised, other accounts will not be at risk.

To change your Google account password, please go to https://myportal.ateneo.edu or contact the IT Resource Management Office (local 4185).

I think my account has been hacked! What should I do?

Your account may have been compromised if you notice any unwarranted changes to your personal information, settings and other items.


  1. Change your passwords immediately. Make sure that you are using different passwords for different accounts.

To change your Google account password, go to https://myportal.ateneo.edu


  1. Change the email associated with your account and check if two-factor authentication is enabled.


  1. If you have credit cards associated with your account, notify the bank/s and other online service providers affected immediately.


For further assistance, please contact the IT Resource Management Office. You may send an email to itrmo@ateneo.edu or call local 4185.


Visit the link below for more tips: https://www.kaspersky.com/resource-center/threats/what-to-do-if-your-email-account-has-been-hacked

Other Tips

  1. Username and password combinations must not be inserted into email messages, chat, or other forms of electronic communication unless the message is encrypted.

  2. If you have to leave your computer unattended, always logout of your account or make sure that no confidential or sensitive information is displayed on the screen.

  3. Leave no trace of your web activity by deleting temporary internet files and browsing history.

  4. Beware of people who are closely watching your web activity, especially while you are entering your credentials.

  5. Always deny the "Remember Password" feature of applications (e.g. web browsers) especially when using a public or shared computer.

  6. Do not state the passwords or give a format when using the password hints (e.g. birthday and surname)

  7. If you are using multiple devices to access your account, consider logging out once in a while to lessen the security risk.


To logout your Gmail account in all devices at once, follow the steps below:

  • Login to Gmail and go to Settings

  • Scroll down to the bottom part of your Settings page and see the Last account activity portion. Click Details

  • In the pop-up window that will appear, click Sign out all other Gmail web sessions

5. Review and manage your account activity and security settings. For your Google account, go to: https://myaccount.google.com/security.