Use passwords that can't be easily guessed, and protect your passwords.
- Do not share your usernames or passwords.
- Avoid writing usernames and passwords down.
Examples of weak passwords are:
These passwords are not strong since they can be easily guessed and deciphered.
Good, cryptic passwords contain a mixture of uppercase and lowercase letters, numbers, and symbols. You can create a strong and unique password by using a phrase and incorporating acronyms and shortcut codes.
Your passwords should also be:
- At least 8 characters in length, or longer if they're less complex.
- Difficult to guess. They should not include real words or personal information, such as usernames, the names of family members, places, pets, birthdays, addresses, hobbies, etc.
- Easy to remember, so you don't have to write them down. Consider using a password manager.
Examples of strong passwords are:
You should password protect all of your devices.
Note: Your uNID (e.g., u1234567) uniquely identifies you to the University of Utah computer network. You are responsible for everything logged to your uNID account. Sharing your password and/or assigned accounts for any reason is a violation of university policy.
Back up your data
Make backup copies of files or data you are not willing to lose, and store the copies securely. UBox is one option available to U students, faculty, and staff.
Minimize the storage of sensitive information.
- Try to keep sensitive information off of your workstation, laptop computer, and other electronic devices, and delete it whenever possible. UBox and Microsoft Office 365 OneDrive are free cloud storage solutions that are protected and can be used to store sensitive information.
- Do not keep sensitive information or your only copy of critical data, projects, files, etc., on portable or mobile devices, such as laptop computers, tablets, phones, USB flash drives, etc., unless they are properly protected (e.g., encrypted, password protected, and securely stored). These items are especially vulnerable to theft or loss.
Never reveal your password or click on unknown links or attachments. Be careful who you share your private information with.
- Do not respond to email, instant messages, texts, phone calls, etc., asking for your password. You should never disclose your password to anyone, even if that person claims to work for the University of Utah or other campus organizations.
- Click on links only from trusted sources. Never click on an unfamiliar link unless you have a way to independently verify that it is safe. This includes tiny URLs (e.g., bit.ly) and any link that you can't tell where it will take you.
- Do not open unsolicited or unexpected attachments. If you can't verify an attachment is legitimate, delete it.
- Do not give private information — in person, over the phone, via email, instant message, text, Facebook, Twitter, etc. — to anyone you don't know or who doesn't have a legitimate need for it.
- Beware of IRS scams and phony computer support scams. These are usually over the phone and threaten dire consequences if you do not act immediately. The IRS will communicate with you only via the United States Postal Service (USPS).
Safe browsing and email use
Protect your information when using the internet and email.
- Use only trusted, secure web pages when entering personal or sensitive information
online. Do not log in to websites or online applications unless the login page is
- Look for https (not http) in the URL to indicate a secure connection.
- Be especially careful about what you do over Wi-Fi. Information and passwords sent
via standard, unencrypted Wi-Fi (most public access wireless is unencrypted) are especially
easy for criminals to intercept.
- Check your Wi-Fi preferences and/or settings to make sure your devices aren’t set up to auto-connect to any wireless network they detect. Auto-connecting to unknown networks could put your device and data at risk.
- Use UConnect and ULink, the U's network for IoT devices, for secure Wi-Fi on campus. UGuest and eduroam are not secure Wi-Fi networks and are not recommended for regular use. Use the campus virtual private network (VPN) when connecting to public Wi-Fi.
- Do not send restricted and/or sensitive data via email, text, or instant message. These are not generally secure methods of communication.
- Be extremely careful with file-sharing software (e.g., BitTorrent). File sharing opens your computer to the risk of malicious files and attackers. Also, if you share copyrighted files, you risk being disconnected from the campus network, as well as serious legal consequences.
Antivirus and patching
Make sure your computer is protected with antivirus software and all necessary security patches and updates, and that you know what you need to do, if anything, to keep them current.
You should shut down or restart your computer at least weekly — and whenever your programs prompt you when installing updates. This helps ensure software and security updates are properly installed.
Don’t install unknown programs
Do not install or download unknown or unsolicited programs or apps to your computer, phone, or other devices. These can harbor behind-the-scenes viruses or open a “back door,” giving others access to your devices without your knowledge.
Physical security is the protection of personal hardware and information from actions and events that can cause damage or loss.
Lock your screen
Shut down, lock, log off, or put your computer and other devices to sleep before leaving them unattended, and make sure they require a secure password to start up or wake up.
- To lock your screen on a PC: Press <ctrl><alt><delete> or <Windows><L>.
- To lock your screen on a Mac: Use the Apple menu or press the power button.
You should also set your computer and devices to automatically lock when they're not being used.
Secure your device
Secure laptop computers and mobile devices at all times — lock them up or carry them with you.
- Phones and laptops are stolen from cars, houses, and offices all the time. They can be just as vulnerable in your office or dorm room, or at coffee shops, meetings, conferences, etc.
- Make sure it is locked to or in something permanent.
Secure your environment
Secure your area before leaving it unattended.
- Lock windows and doors, take keys out of drawers and doors, and never share your access code, card, or key.
- Lock up portable equipment and sensitive material.