adrian ellison assistant director, it services wednesday 23 november 2011
TRANSCRIPT
• Protect our data• Protect our identity• Prevent misuse• Often the only form of IT security• Reduce the risk of compromise• Helps maintain LSE’s reputation
• Why?– LSE has over 40,000 user accounts– Safer: a stronger password is harder to crack– Reduces risk: of misuse, data theft, identity theft – Audit requirement– After consultation (LISC, ISSG, DHF) DMT approved
a new password policy
• On 17 January 2012 new policy comes into effect
• Anyone who does not have a strong password less than one year old will beforced to change it
• You will then need to change it again at least once a year
• At least 8 characters long• Must contain at least one CAPITAL letter and
one NUMBER or SYMBOL• Cannot be a dictionary word• Cannot be something that you’ve used before• Should be difficult to guess (but easy for you
to remember)
• Default ITS password for logging into your PC, Remote Desktop, Webmail, LFY, Moodle, Online Recruitment for staff and RPGs
• You may have other IT accounts, e.g. for specialist business systems which might have a separate password
• It will not affect your other passwords (e.g. Google, Yahoo, Hotmail, online banking etc.)
• IT Services will be running a campaign to publicise the change. They will be a website offering more advice and guidance
• There are tips and tricks to choosing memorable strong passwords
• Try and use it everyday: to log in to your PC, access online resources (LSE For You, Moodle), and to unlock your PC when you’ve been away.
Transpose ‘o’ for ‘0’(‘1’ for ‘i’ and ‘3’ for ‘e’ are good too)
Pick first 2 or 3 words and run together(tip: next year pick the next 2 words)
Leadingunderscore
What if I’m not in School?
• You can change your password when you are away from the campus in one of two ways:– Using the password reset in LSE For You– Using the Remote Desktop
WeakWeak
Medium StrengthMedium Strength
StrongStrong
What if I forget my password?
• You can set some personal security questions with answers in LSE For You. If you have, then you can use them to reset your password
What if I forget my password?
• You can set some personal security questions with answers in LSE For You. If you have, then you can use these to reset your password
• You can ring your IT support team or the IT Helpdesk and they will help you
So what do I do next…?
• Set your security questions in LFY NOW!• Think of your own ‘mnemonic’ or memorable
quote• From it, devise your personal strong password• When you feel comfortable with it change it
anytime from today onwards• Use it every day to log in and lock your PC when
you are away from it• Tell your colleagues please
What should I not do…?
• DO NOT write down your new password and store it anywhere obvious (in your desk drawer, under your keyboard, in the cover of your notebook)
• DO NOT share your new password with colleagues
Who’s received one of these?From: LSE [mailto:[email protected]] Sent: 18 May 2011 12:48Subject: Official message
Dear web mail Owner,We are contacting you to inform you that our Account Review Team identified some unusual errors in your account profile.This may be due to the following* Using a shared computer to access your online webmail.* Not logging off after webmail usage.Due to this an account update has been issued to rectify.Follow the Link Below providing the required security information correctly to re-gain access or we will locked your account permanentlyclick here Or lse.ac.uk security update **Thanks *© 2011 LSE - London School of Economics and Political Science. All rights reserved
Never, never, never…
• Give out your IT password to anyone!• Not your colleague, not your PA, not to IT staff
But I want to give access to…
• My email, H:space – in case I’m away• I routinely share files with colleagues• Use DELEGATE ACCESS in Outlook – ask your
IT Support Team for help• Consider using Shared Storage
(Deptshared/P:drive) instead
Using Cloud-based services
• ITS has provided new guidance on the use of Cloud-based services like Dropbox, Doodle, and Google Docs
• To summarise:Use for easy access to data and collaborationDon’t use for sensitive personal and/or confidential data, valuable data, or data you can’t afford to lose.
• See our website for details
✔✖