Password: Security

No matter if your data sits on your desktop computer, on a file server, or is part of your electronic mail system, the first line of defense for protecting it is a strong password. A strong password can mean the difference between your system being broken into (and the data stolen) or your system being passed over for "greener pastures" (easier systems to be broken into).

Using strong passwords is a requirement for all State-owned systems, as well as mandated by both the Gramm-Leach-Bliley and Health Insurance Portability and Accountability Acts (both directed by the Federal government).

Forget your password?

If you forgot your UT Health Science Center domain password, there is plenty of help. Try the UTHSCSA Self-Service Password Reset. Students can go to the computer lab at the Briscoe Library or to the Service Desk (Triage). Staff and Faculty should contact the IMS Service Desk at 210-567-7777.  Passwords will not be reset through email. Visit here if you need further assistance with password resets.

How to build a password

  1. It must be easy for you to remember, but difficult for anyone else to guess
  2. Make the password at least 8 characters long and as complex as you can remember within the confines of the operating system
  3. Use upper case
  4. Use lower case letters
  5. Don’t forget numbers
  6. Also include punctuation, the more the better.
  7. Start thinking more about passphrases, and less about passwords
    1. Pass-phrases are words or portions of words that make up a phrase or sentence.
    2. “Now is the time for all good men” is a phrase, but one that is made up of regular words; a better use of that phrase could be “NoIsThTiFoAlGoMe!@” which takes the first two letters of each word and then ends the phrase with punctuation. Even better would be to put the punctuation inside the phrase. Even the first letter of the original phrase would work, as long as numbers and punctuation were added (Nit5tf9agm$).
    3. Avoid using “TeoTauy” as a password; it’s commonly known as “The eyes of Texas are upon you”
    4. Pass-phrases can be made sufficiently complex to discourage password crackers and make them go looking for “greener pastures”, that is, someone with simpler passwords.  
  8. !!! BE CREATIVE !!!

When to change your password

Your passwords must change every 60 days, according to university policy.  There are other circumstances that will compel you to change your password. When your UT Health Science Center password is about to expire, the system begins notifying you 14 days before. Change it promptly. Also, if you have any reason to believe anyone else has obtained your password, change it!

Social Engineering:

People will try to get your password using creative means to entice you to share your password with them…

"Social engineering" is the term given for convincing people to give confidential or compromising information about themselves or their organization by posing as someone in authority or as a technical representative. A common trick is for a cracker (posing as technical support) to contact the administrative staff of a busy department leader. Claiming to be working on the leader's e-mail account (always very important), the cracker will claim to need the leader's password to repair the account. No legitimate UT Health Science Center employee will ever ask you to reveal your password. If anyone does ask for it, immediately contact your supervisor and the Service Desk (Triage) at 7-7777.

Don’t share your password

UTHSCA policy does not allow users to share passwords with anyone. There are a lot of good reasons to not do so, but one big reason is that you are not able to disprove transactions made by others in your name; in particular any mistakes or misdeeds done by those who have access to your passwords.

Other protections

People could be watching you type your password. We call this “shoulder-surfing” because it is thought that folks could be looking over your shoulder while you type.

Don’t write down your passwords

You won’t hear us say anything about writing passwords down. We have to commit them to memory. Do not hide your passwords under mouse pads, keyboards, or inside unlocked desk drawers. There are file encryption tools you can use to store passwords in a text file.

Contact Information Security and Assurance by phone at 210-567-7777, or by email.