Stay cyber safe

Learn about the simple things you can do to protect yourself from cyber security risks.

1. Use secure passwords

Use strong passwords or passphrases

A strong password is long, complex (difficult to guess) and unique. A password manager application can generate and store strong passwords for you.

You can visit the Have I been pwned website to find out if any websites or services you have used are known to have been compromised and check if your password has been exposed in a data breach.

Strong passwords should:

  • use a passphrase
  • include at least 12 characters
  • include upper and lower case letters, at least one number, and at least one special character
  • be unique (not used for any other account). This is important because if one of your accounts is compromised, criminals will try using the stolen credentials to access other services.

What is a passphrase?

A 'passphrase' is a password created by combining whole words. This is a simple way to create long, strong passwords that are easy to remember (e.g. 2Book#Shoes%).

To create a passphrase:

  1. Select 2 or 3 random words.
  2. Add a special character between the words.
  3. Capitalise some of the letters.
  4. Add at least one number.
  5. Ensure the passphrase is at least 12 characters long.

When creating your password or passphrase, avoid using:

  • anything too similar to your current password (e.g. don't just increase the number at the end of your current password)
  • anything close to a common term or phrase
  • any identifying information (e.g. your name, phone number or date of birth)
  • other personal information (e.g. car registration, maiden name or address)
  • a password you have used before
  • duplicate characters or keyboard patterns (e.g. aaabbbccc or qwerty).
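
The five passphrase steps and the machine-checkable rules from the two lists above, as an added example (not code from this page's publisher). The word list, special-character set, keyboard patterns and function names are assumptions made for illustration.

```python
import secrets
import string

# Constructed sample word list (assumption); a real generator should draw
# from a list of thousands of words so the choice is hard to guess.
WORDS = ["book", "shoes", "river", "candle", "planet", "window",
         "garden", "copper", "meadow", "lantern", "harbour", "pencil"]
SPECIALS = "#%&!@*?-"
KEYBOARD_RUNS = ["qwerty", "asdfgh", "zxcvbn", "123456", "abcdef"]
rng = secrets.SystemRandom()  # OS-backed randomness, not the `random` default


def check_password(pw, personal=(), min_len=12):
    """Return the list of rules from this page that `pw` breaks."""
    problems = []
    if len(pw) < min_len:
        problems.append("too short")
    if not any(c.islower() for c in pw):
        problems.append("no lower case letter")
    if not any(c.isupper() for c in pw):
        problems.append("no upper case letter")
    if not any(c.isdigit() for c in pw):
        problems.append("no number")
    if not any(c in string.punctuation for c in pw):
        problems.append("no special character")
    if any(pw[i] == pw[i + 1] == pw[i + 2] for i in range(len(pw) - 2)):
        problems.append("repeated characters")
    low = pw.lower()
    if any(run in low for run in KEYBOARD_RUNS):
        problems.append("keyboard pattern")
    if any(p and p.lower() in low for p in personal):
        problems.append("contains personal information")
    return problems


def make_passphrase(n_words=3):
    """Steps 1-5 above; retries until check_password finds no problem."""
    if n_words < 2:
        raise ValueError("need at least 2 words to place a special character")
    while True:
        parts = []
        for word in rng.sample(WORDS, n_words):
            i = rng.randrange(len(word))  # capitalise one random letter
            parts.append(word[:i] + word[i].upper() + word[i + 1:])
        phrase = str(rng.randrange(10)) + parts[0]
        for part in parts[1:]:
            phrase += rng.choice(SPECIALS) + part
        if not check_password(phrase):
            return phrase
```

The checker cannot tell whether a password is unique or has been used before; those rules still depend on you or your password manager.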

Password managers

The most secure place to store your password is your memory, but this can be difficult (remember, strong passwords are unique). We recommend you use a password manager.

Getting started with password managers

There are many personal password managers available. Basic functionality is usually free; additional features are sometimes available with a subscription or payment. Research options to ensure you choose a service that is reputable and meets your needs.

Recommended password managers include:

  • 1Password
  • Norton Password Manager.

When setting up a password manager:

  • Use a strong, unique passphrase as your master password.
  • Enable multi-factor authentication (MFA) if available.
  • Install the application on all your devices. Install browser plugins or extensions for any web browsers that you use.
  • Begin storing passwords for your existing accounts in the password manager. You will usually be prompted to do this whenever you log in somewhere new.
  • Once you have stored a password, you should delete it from any other location you have saved it (e.g. email, web browser).

Web browser password storage

Most web browsers contain built-in password managers and will offer to remember and automatically fill passwords for you. These are not recommended for the following reasons:

  • Your passwords can only be accessed from that specific browser, which is a significant limitation.
  • Web browsers often permit access to stored passwords without requiring authentication or MFA. Somebody with remote or physical access to your device could gain unrestricted access to your saved passwords via the browser.

Apple 'iCloud Keychain'

Apple's 'iCloud Keychain' password manager is available on Apple devices and the Safari browser. Unfortunately, it does not support non-Apple platforms. Unless you use Apple devices exclusively, a standalone password manager that enables you to access your stored passwords on any device is recommended.

Don’t share your passwords

Sharing passwords with others (even people you trust) exposes you to a range of risks and should be avoided. Never share your password. 

  • Once you have shared a password with others, you no longer have control of how the account may be used, or how securely the password will be stored.
  • Methods used to transmit and store passwords are often insecure, e.g. email, text message, and paper.
  • Actions carried out using your account are linked to you (even if it was someone else). This can be problematic if unauthorised, inappropriate, or even illegal activity is associated with your account.

If you need to share information, or provide access to a particular service or resource, there are usually secure methods for doing this that don't require sharing of personal account passwords. Some password manager applications also allow you to share your account access without exposing your password.

Be careful of tactics used to gain unauthorised access to accounts

Cyber criminals use a variety of tactics to obtain information that can be exploited to gain unauthorised access to accounts. Some common tactics include:

  • Phishing attacks, which prompt you to log in to fake websites. Other tactics include browsing social media accounts to collect personal information, or even communicating with us directly.
  • Multi-factor authentication (MFA) prompt bombing is another form of cyber attack where the objective is to gain access to an account that is protected by MFA. The hacker attempts to trick you into allowing them access to your account by repeatedly sending MFA requests to your device. The strategy is that they will catch you off-guard, or that you will become irritated by the number of MFA requests and approve one.

Passwords should be changed regularly

There are often no signs or warnings when one of your accounts is compromised or a password has been stolen. Changing passwords regularly helps to ensure you retain control and can limit the time that an account is exposed if compromised.

You should regularly change the passwords for important accounts.

Download

Download our Cyber Safety Posters:

Cyber Safety Posters (PDF)