ITS Urges Users to Use Different Passwords at Different Websites

(Article submitted by Vince Spiars, information security and operations manager)

Passwords are like house keys
In this article, we compare passwords to house keys and talk about why you should use a different password for each website. We also remind you that Wesleyan, or any reputable organization, will never ask for your password, or ask you to log in to verify your account.

Protecting your password is as important as keeping the keys to your house safe and secure
Just like the physical keys you have on your key ring, passwords unlock access to your private digital places such as email, banking, credit card, news, information, shopping, and social websites. At work, your password is a similar key that grants you access to services and possibly sensitive information at Wesleyan; however, a breach of this access may not just impact you. If you work with or have access to PII (Personally Identifiable Information) like Social Security numbers, grades, credit card numbers, or demographic information, a compromise of your password could affect many constituents. So, protect your passwords like you protect your house keys.

Do not use the same password for different websites
The news reports the breaching of companies around the globe almost daily—Target, Equifax, TJMaxx, Panera, Macys, and LinkedIn to name just a few. If you use the same password for multiple sites and one account gets breached, all your accounts should be considered breached because the bad guys will try your password on other sites.

Furthermore, if you use your Wesleyan email address for your account and use the same password as your Wesleyan account then you have just provided the bad guys access to all the information you have access to at Wesleyan, which includes your payroll/direct deposit information. A common use of purloined passwords is to change payroll direct deposits.

Use a password manager
Using unique passwords for each website/account could be challenging to remember, but there are free tools out there called password managers to help you manage all your unique passwords. Passwords managers work with most web browsers to store and use passwords across all your websites. At Wesleyan, we have a pilot program using a password manager called LastPass (www.lastpass.com). You can sign up for a free personal LastPass account for all your personal websites like flowers.com, amazon.com, washingtonpost.com, etc. For your work-related passwords, you can request a LastPass enterprise account. Please email security@wesleyan.edu if you would like to try LastPass for Wesleyan-related passwords. The Wesleyan version of LastPass also allows you to share passwords with others on your team.

We will NEVER ask for your password or for you to confirm your password or account
We do not want your password. If there is ever a concern about your password, you will be asked to change it in WesPortal.