2018 Cybersecurity Awareness Month: Passwords

Passwords... Your First Line of Defense!

Passwords can be inconvenient, but they’re important if you want to keep your information safe. Protecting your personal and work information starts with STOP. THINK. CONNECT.: Stop and take security precautions, Think about the consequences of your actions online and, Connect to the Internet with peace of mind. Here are some simple ways to secure your accounts through better password practices.


Four Rules Of Password Security

  1. Choose a strong complex password or passphrase.
  2. Don't share it with others, ever!
  3. Change it occasionally - immediately if you suspect someone has stolen your password. 
  4. Don't use the same password for different online accounts. Use a unique password for each account.

Make Your Password A Sentence

A strong password is at least 12 characters long, so the general rule is to create a short pass-phrase. Focus on positive sentences or phrases that you like to think about and are easy to remember (for example, “I love my SPU!”).  Here are a few additional tips once you have a good pass-phrase, 

  • Add complexity by using upper and lower case letters, numbers, and special characters such as !@#$%^&*()?/[]\ (for example, the password "spufalconsarenumberone" can be made stronger by adding complexity such as "SPUFalconsare#1").
  • Add a letter(s) at the end of your base password to make the password unique for each account, such as: SPUFalconsare#1FB  (for your Facebook account)

Test your password strength with a Password Checker

Use Two-Factor Authentication

Two-Factor Authentication (2FA), also called Multi-Factor Authentication (MFA), combines something you know (your password) with something you have (like a mobile device or a security dongle), or something you are (like a fingerprint or an eye scan). Many banks and online services (Facebook, Apple iCloud, Microsoft, DropBox, etc.) are providing optional (or even mandatory) multi-factor authentication for accounts. Take advantage of these tools. It will make your access much more secure.

SPU offers 2FA to Faculty, Staff, and Student Employees to secure sensitive data.

Use A Password Manager

Keeping track of different passwords for all your online services can be a big challenge. Consider using a Password Manager application or service. Password managers integrate into most web browsers and mobile devices making them much easier to use. There are many to choose from. Here are a few that SPU staff use:

LastPass  • 1Password  • KeePass

Passwords at SPU

Changing Your SPU Password

At SPU, the same Username and Password are used for most campus resources: Banner, Canvas, Webmail/Outlook, network access, etc. You can change this password through the Banner Information System.

  1. Log in to Banner with your SPU username and password
  2. Select the Personal Menu--> then Computer Accounts Menu
  3. Choose Change Your Password
  4. The password sync takes about 15 minutes to be in effect for all SPU resources.
  5. After you change your password make sure you update it on any device that might store the password (phones, tablets, etc...).

Store an External Email Address in the Banner System

There are times when you forget your password or need to reset your SPU password online. SPU can use an alternate/non-SPU email address to help you reset your password if there is one stored in Banner. As an added security measure, you will receive email notifications to your Non-SPU account advising you of SPU password resets, Direct Deposit changes, and Location Tracking notifications.

  1. Log in to Banner with your SPU username and password
  2. Select the Personal Menu--> then Personal Information Menu
  3. Choose Update Email Address
  4. Then ADDCHANGE or DELETE your NON-SPU email address(es).

Location Tracking for SPU Credential Use

When you log in to selected SPU online services (like Banner, Canvas, the SPU White Pages, and several others) you will be notified via email if the network LOCATION of that connection has never been used by you before.

The email message will provide an approximate location (if it can be determined), time, and online service accessed. If you recognize the general location and time identified in the email alert, you can disregard the notice. If you do not recognize the location, or if the login was NOT YOU -- your SPU credential could be compromised. Reset your SPU password immediately and contact the CIS HelpDesk at 206-281-2982 or help@spu.edu if you have any questions or concerns.

If you forget your SPU password and need help to reset it, you can go to: http://spu.edu/findmyid/ for assistance.

A reminder that  SPU will NEVER  ask you to send your login credentials or other personal/confidential information via email. Your account credentials should not be shared with anyone.