August 2014

2nd Road Show for Annual Notebook Ownership Programme Starting on 10 September
Three Smart Tips to Keep Your Credentials Safe
Hot News: FREE MS Office ProPlus Software Licenses for CURRENT STUDENTS!!
OneDrive for Business - 1TB Free Cloud Storage Available to Staff and Students
Reminder – Software Asset Management (SAM) Exercise 2013/14
Phasing-out of Legacy Network Protocols - IPX and AppleTalk
Upgrade of ITS HelpCentre Online Tracking Service (HOTS)
Green Campus - New Online Graduate Employment Survey Now Ready
Update on SUSE Certified Linux Administrator Training for Students
September Staff IT Training Workshops

  home   e-Views




Three Smart Tips to Keep Your Credentials Safe


Credentials have become the #1 attack vector

Credentials have become the number one attack vector, according to the 2014 Verizon Data Breach Investigation Report. The following illustrates how attackers work:


Phishing emails are always a common tactic attackers use to collect your user account passwords.

There have been three phishing email attacks in the past two months.     



Remember:  The University does NOT ask users to provide their account passwords through email!!  If you get an email from ANYONE asking for your account information and password – DELETE IT – DO NOT click on the link!!!


Three Smart Tips to Keep Your Credentials Safe



Keep it secret


DO NOT tell anyone your password, not even your system administrator. Your user credentials are just like the pin number of your bank account. Would  you share that pin number with others?

2. Change it regularly and quickly

  Change your password regularly. Once every three months is reasonable for most purposes. If you suspect that somebody knows your password, change it immediately.

Choose it carefully


Choose a password that you can type quickly. However, do not use passwords based on your personal information such as your name, date of birth, account name and phone number, etc. Words that can be easily guessed like "qwertyu" "password", "abcd1234", "letmein" and "P@ssw0rd", etc. should also be avoided.

You can use a passphrase with a combination of characters instead of a simple password. For example, you can transform the sentence "My birthday is September 1 2001" into a passphrase like: "My Bd@y 1s S3pt 1 2@0!"



Joseph Lam
Manager (Information Security)