F.A.Q.

Tell me about...

  • A password manager is a service that manages passwords: sort of what it says on the tin really.



    A password manager allows you to create and use unique strong passwords for every online service you need, while only having to remember a single strong password to access the password manager.

    •  Are they secure?

      They are good – but all software (including security products) has its limitations and potential vulnerabilities. That said, the benefits of increased password uniqueness and strength across your entire online footprint greatly outweigh this residual risk.

      For a password manager to remain as secure as it can be, you must protect your ‘master password’ – and we would strongly recommend enabling some sort of two-factor authentication as well.

    • What are some examples of password managers?

      Choice of password manager depends on specific circumstances and preference. While not endorsing any product in particular, the following password managers have good reputations in the broader security community.

     

  • A strong password is:

    • Unique – used for only one login/service;
    • Long – 17 characters or more is a strong password;
    • A mixture of characters – use a cocktail of upper-case, lower-case, numbers and symbols;
      • However, don’t make common substitutions like ‘0’ (zero) for ‘o’ or ‘3’ for ‘e’ – hackers know this too, and these will actually weaken your password;
    • Not a keyboard pattern – patterns like ‘1234’, ‘12345’, ‘qwerty’, ‘qazwsxedc’ are all well known by attackers and hence weak and wickedly insecure;
    • Not built on ‘Discoverable’ Personal Information – including personal attributes such as favourite sports team, birthdate, family member/pet names, phone numbers etc. If this information is easily deducible from social media or other sources, attackers can use it to speed up guessing of your password. So no passwords like ‘raiders4eva’.

    A ‘strong’ password adhering to the above will hinder the most common forms of password guessing attacks (dictionary and brute-force).
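The criteria above can be checked mechanically. The following is an added example, not ANU tooling: the word list, personal terms and the caller-supplied list of passwords used elsewhere are assumptions constructed for illustration.

```python
import string

MIN_LENGTH = 17                                      # "17 characters or more"
KEYBOARD_PATTERNS = ("1234", "qwerty", "qazwsxedc")  # patterns named on the page
COMMON_WORDS = ("password", "welcome", "secret")     # constructed sample word list
# Undo the substitutions the page warns about: '0' for 'o', '3' for 'e'.
UNSUBSTITUTE = str.maketrans({"0": "o", "3": "e"})


def check_password(password, personal_terms=(), used_elsewhere=()):
    """Return the list of strong-password criteria that `password` fails."""
    problems = []
    lowered = password.lower()
    normalised = lowered.translate(UNSUBSTITUTE)

    if password in used_elsewhere:
        problems.append("not unique")
    if len(password) < MIN_LENGTH:
        problems.append("too short")
    has_all_classes = (
        any(c.isupper() for c in password)
        and any(c.islower() for c in password)
        and any(c.isdigit() for c in password)
        and any(c in string.punctuation for c in password)
    )
    if not has_all_classes:
        problems.append("missing character class")
    # A word that only appears once substitutions are undone was disguised,
    # which is exactly what guessing tools reverse first.
    if any(w in normalised and w not in lowered for w in COMMON_WORDS):
        problems.append("common substitution")
    if any(p in lowered for p in KEYBOARD_PATTERNS):
        problems.append("keyboard pattern")
    # Personal terms are matched with and without substitutions undone.
    terms = [t.lower() for t in personal_terms]
    if any(t in lowered or t in normalised for t in terms):
        problems.append("personal information")
    return problems


if __name__ == "__main__":
    # Constructed sample passwords; "raiders" stands in for a favourite team.
    for sample in ("raiders4eva", "Passw0rd1234!", "Tide-Lamp7;Orbit_Quill"):
        print(sample, "->", check_password(sample, personal_terms=("raiders",)))
```
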

    1. Accept that you are human: it happens. Don’t be down on yourself. It happens to all of us to some degree at some stage. Well done for picking it up and looking for how to combat it.

    2. Change your passwords
      1. If it was your ANU account/password that was phished – report it to the ANU Service Desk immediately, and you will receive help and further instructions. Don’t worry about being blamed for anything; we’re all human, remember, and we’re here to help;
      2. Change the passwords of other critical accounts you have for the services/accounts involved. But do this from a device that wasn’t the one you got phished on.



         
    3. Scan your Device
      1. If the device you got phished on was an ANU managed device, contact the ANU Service Desk and follow their instructions.
      2. For all other personal devices/BYOD, update your anti-virus software and run a full scan. Also, run an update of your device’s operating system.

     

    4. Recovery & Vigilance
      1. If it was sensitive information phished, like your banking password, notify your and immediately;
      2. Watch for signs of identity theft: unusual financial transactions or unusual behaviour on other sensitive accounts.
      3. Where possible implement two-factor authentication
  • Two-factor authentication is a way of significantly increasing the security of your accounts – and you should use it wherever possible. When using two-factor authentication, a service will ask you for a username and password, but also then ask for a code sent via SMS or from an ‘RSA token’ or even an app you have on your phone.
    It all depends on the service and how you set it up.
    The TL;DR is – use it wherever possible.

  • All of us.

    No – really. Cyber Sense is about us ALL working to improve our personal online security, in order to protect all individuals in the community.



    But it is not all on you to make that change all by yourself. ANU is relentlessly taking steps to improve the corporate security infrastructure – the Information Security Office, Information Technology Services, Colleges and Schools are all taking steps to improve our online security: and over time Cyber Sense will provide some insights on these. Cyber Sense is about us stepping up, having some fun and doing our own personal best in this space.



    If you need to contact those of us in the hamster wheels who are supporting the program itself, you can contact us through cybersense@anu.edu.au