CyberSecurity Awareness #2: Passwords

Created by Micah Schaafsma
Last updated: Apr 15, 2020
3 min read

Passwords... Your First Line of Security!

Test your password strength: Password Checker. Need something better?? See the instructions below to reset your SPU password. A password is often all that stands between a hacker and your sensitive data.

Location Tracking for SPU Credential Use

When you login to selected SPU online services (like Banner, Canvas, the SPU White Pages, and several others) you will be notified via email if the network LOCATION of that connection has never been used by you before.

The email message will provide an approximate location (if it can be determined), time, and online service accessed. If you recognize the general location and time identified in the email alert, you can disregard the notice. If you do not recognize the location, or if the login was NOT YOU -- your SPU credential could be compromised. Please contact the CIS HelpDesk at 206-281-2982 or help@spu.edu or follow the directions below to reset your SPU password.

Four Requirements for Password Security

  1. Choose a strong complex password or passphrase.
  2. Don't share it with others, ever!
  3. Change it occasionally - immediately if you suspect a compromise. See instructions below to change your SPU password.
  4. Don't use the same password for different online accounts. Unique account, use a unique password. 

Table of Contents

Use a PASSPHRASE to Create a Strong Password

What makes a strong password?

  • Length - a minimum of eight characters are required for SPU accounts, but 12 characters (or more) will provide better security.
  • Complexity- use upper and lower case letters, numbers, and special characters such as !@#$%^&*()?/[]\.

How to use a Passphrase (a few suggestions):

  • Think of a short sentence or phrase you can easily remember. An example might be: God is in control. Add complexity to the phrase: Godis1nControl#2017
  • Choose three random words: snake, apple, eve. Add complexity to the words: $nake@pple8Eve
  • Add a letter(s) at the end of your base password to make the password unique for each account, such as: $nake@pple8EveFB (for your Facebook account)

Want to Change Your SPU Password?

At SPU, the same Username and Password are used for most campus resources: Banner, Canvas, Webmail/Outlook, network access, etc... Change this password through the Banner Information System.

  1. Login to  Banner  with your SPU username and password
  2. Select the Personal Menu--> then Computer Accounts Menu
  3. Choose Change Your Password
  4. The password sync takes roughly 15 minutes to be in effect for all SPU resources.
  5. After you change your password make sure you update it on any device that might store the password (phones, tablets, etc...).

Use Multi-Factor Authentication When Available

Multi-Factor Authentication (MFA) is a method of computer access control that requires two of the following: something you know (like a password), something you have (like a mobile device or a security dongle), or something you are (like a fingerprint or an eye scan).

SPU already uses MFA for certain administrative access to the Banner system, and will be adding additional MFA options and requirements later this school year.

Many banks and online services (Apple iCloud, Microsoft, DropBox, etc..) are providing optional multi-factor authentication. Take advantage of these new tools. It will make your access much more secure.

Store an External Email Address in the Banner System

There are times when you forget your password or need to reset your SPU password through our automated system. We can use an alternate/non-SPU email address to help reset your password if there is one stored in Banner. CIS recommends that EVERYONE setup a NON-SPU/External email address.

As an added security measure, you will receive email notifications to your Non-SPU account advising you of SPU password resets, DirectDeposit changes, and Location Tracking notifications (see above).

  1. Login to  Banner  with your SPU username and password
  2. Select the Personal Menu--> then Personal Information Menu
  3. Choose Update Email Address
  4. Then ADDCHANGE or DELETE your NON-SPU email address(es).

If you forget your SPU password and need help to reset it, you can go to: http://spu.edu/findmyid/ for assistance.

Consider Using a Password Manager Application

The difficulty of keeping track of different passwords for all your online services is a big challenge. You might want to consider the use of Password Manager application or service. There are many to choose from, but here are three that have been vetted by CIS:

All of these provide low cost or free personal use.

A reminder that  SPU will NEVER  ask you to send your login credentials or other personal/confidential information via email. Your account credentials should not be shared with anyone.