Sharing passwords is NOT okay
Submitted by Joseph Tesoro, It Security Education Specialist IMITS
You have an important meeting that starts in 10 minutes—and you’re nowhere close to work.
You decide to teleconference in, but realize you need a critical document that’s on your work computer for the discussion. You decide to call a trusted co-worker and give her your network password so she can retrieve the information. And when you arrive at work you change your computer password so it stays a secret. You think that no harm is done.
A week later you have a meeting with your manager. You’re informed that the IMITS Cybersecurity team flagged your computer account for inappropriate access to personal information that you have no business accessing. You’re shocked: you know you didn’t do it and told her so. You think, “How could this have happened?” and then remember sharing your password with your co-worker. Was this trouble is related to that?
Never EVER share your password.
In this scenario it was Cyber Thief Sam—not your co-worker—that impersonated you.
Cyber Thief Sam happened to be close enough to overhear the conversation between you and your co-worker. He watched as your co-worker wrote down your password on a sticky note and walked over to your computer to log in. Unbeknownst to you, your co-worker left the sticky note on his desk while he went on break, and that’s when Sam took the opportunity to steal your password, log in as you, and gain access to all that unauthorized personal information.
IMITS Information Security says:
You are the only person responsible for all activities performed with your username and password.
If you need a new password because you feel your current one is no longer a secret, here are some tips:
- Consider using spaces - Ex. Instead of "ihave1dog", make it "i have 1 dog"
- Consider using misspellings - Ex. Instead of "ilove2eatthat", make it "iluv2ettht". Non-dictionary words make it more secure.
- Consider using long and complex passphrases, instead of a password - Ex. Instead of "2dogs1cat", add punctuation, capitalization, spaces and misspellings to make it "I own 2 dggs, and 1 caat!"
- Consider enabling two-factor authentication (if applicable). Many social media and email accounts provide this feature.
Research shows that a computer will take two centuries to guess a password if it has twelve characters.
The moral of the story?
Don’t share passwords; you never know where Cyber Thief Sam might be lurking next. And when it comes to creating new passwords, remember that longer is stronger.
ALSO IN THIS ISSUE
- Get ready to drop, cover and hold on!
- Flu clinics start next week!
- Our pursuit of world class
- Five in five: What you need to know about CST this week
- Your stories. Now available on The Daily Scan
- Support Patients' and Residents' Hand Hygiene Today!
- Celebrating Mental Health & Wellness at Providence
- How Foundry is transforming health care for young people
- Diversity in Spiritual Care
- How Crosstown Clinic helped a Vancouver city council candidate get his life back
- New research and education partnership to foster innovation in Cascadia
- Interested in Knowledge Translation? Announcing the PHC/VCH KT Challenge!
- No Borders
- October's Ethics Case of the Month is here!
- 19 days remaining in the “Change One Thing" challenge
- October 14-20 officially declared as Health Care Security and Safety Week!