Adrian EllisonAssistant Director, IT Services

Wednesday 23 November 2011

• Protect our data• Protect our identity• Prevent misuse• Often the only form of IT security• Reduce the risk of compromise• Helps maintain LSE’s reputation

• Why?– LSE has over 40,000 user accounts– Safer: a stronger password is harder to crack– Reduces risk: of misuse, data theft, identity theft – Audit requirement– After consultation (LISC, ISSG, DHF) DMT approved

a new password policy

• On 17 January 2012 new policy comes into effect

• Anyone who does not have a strong password less than one year old will beforced to change it

• You will then need to change it again at least once a year

• At least 8 characters long• Must contain at least one CAPITAL letter and

one NUMBER or SYMBOL• Cannot be a dictionary word• Cannot be something that you’ve used before• Should be difficult to guess (but easy for you

to remember)

• Default ITS password for logging into your PC, Remote Desktop, Webmail, LFY, Moodle, Online Recruitment for staff and RPGs

• You may have other IT accounts, e.g. for specialist business systems which might have a separate password

• It will not affect your other passwords (e.g. Google, Yahoo, Hotmail, online banking etc.)

• IT Services will be running a campaign to publicise the change. They will be a website offering more advice and guidance

• There are tips and tricks to choosing memorable strong passwords

• Try and use it everyday: to log in to your PC, access online resources (LSE For You, Moodle), and to unlock your PC when you’ve been away.

MnemonicCapitaliselast letter

Birthyear

Add a ‘£’symbol

Think of a quote…

“

”

Transpose ‘o’ for ‘0’(‘1’ for ‘i’ and ‘3’ for ‘e’ are good too)

Pick first 2 or 3 words and run together(tip: next year pick the next 2 words)

Leadingunderscore

What was that date again?

How do I change my password?

What if I’m not in School?

• You can change your password when you are away from the campus in one of two ways:– Using the password reset in LSE For You– Using the Remote Desktop

WeakWeak

Medium StrengthMedium Strength

StrongStrong

What if I forget my password?

• You can set some personal security questions with answers in LSE For You. If you have, then you can use them to reset your password

What if I forget my password?

• You can set some personal security questions with answers in LSE For You. If you have, then you can use these to reset your password

• You can ring your IT support team or the IT Helpdesk and they will help you

So what do I do next…?

• Set your security questions in LFY NOW!• Think of your own ‘mnemonic’ or memorable

quote• From it, devise your personal strong password• When you feel comfortable with it change it

anytime from today onwards• Use it every day to log in and lock your PC when

you are away from it• Tell your colleagues please

What should I not do…?

• DO NOT write down your new password and store it anywhere obvious (in your desk drawer, under your keyboard, in the cover of your notebook)

• DO NOT share your new password with colleagues

Who’s received one of these?From: LSE [mailto:webmasterr@lse.ac.uk] Sent: 18 May 2011 12:48Subject: Official message

Dear web mail Owner,We are contacting you to inform you that our Account Review Team identified some unusual errors in your account profile.This may be due to the following* Using a shared computer to access your online webmail.* Not logging off after webmail usage.Due to this an account update has been issued to rectify.Follow the Link Below providing the required security information correctly to re-gain access or we will  locked your account permanentlyclick here    Or lse.ac.uk security update  **Thanks *© 2011 LSE - London School of Economics and Political Science. All rights reserved

Never, never, never…

• Give out your IT password to anyone!• Not your colleague, not your PA, not to IT staff

But I want to give access to…

• My email, H:space – in case I’m away• I routinely share files with colleagues• Use DELEGATE ACCESS in Outlook – ask your

IT Support Team for help• Consider using Shared Storage

(Deptshared/P:drive) instead

Using Cloud-based services

• ITS has provided new guidance on the use of Cloud-based services like Dropbox, Doodle, and Google Docs

• To summarise:Use for easy access to data and collaborationDon’t use for sensitive personal and/or confidential data, valuable data, or data you can’t afford to lose.

• See our website for details

✔✖