HOME / INFORMATION SECURITY / TOPICS & RESOURCES /

Passwords & 2SV

Create Strong Passwords

HarvardKey

Your HarvardKey password is valuable. It's used to control access to University services and your personal information, so it should be very difficult for anyone to guess your password and pretend to be you. Harvard Information Security has established the following requirements to make sure your HarvardKey password helps you keep your personal data safe and secure: http://reference.iam.harvard.edu/quick-guide-passwords

Other Accounts

Visit the following site for some pointers on creating strong and unique passwords for all of your accounts: https://security.harvard.edu/use-strong-passwords

Use a Password Manager

Using the same password for all your accounts is very risky--if your account for any service is compromised, all of your accounts are put at risk. However, creating strong, unique passwords for all your personal and work accounts is tough. That’s why the University provides 1Password—a premium password manager used to create, store, and manage passwords for all of your accounts—to all members of the Harvard community.

With 1Password, you can use one strong password to protect the passwords of all your other accounts, including your HarvardKey. 1Password can also create long, complex passwords for personal services like Facebook or Amazon. You don't have to remember them all, just remember your one main password and 1Password remembers the rest. The built-in password generator can also help create unique and complex passwords for all your accounts. Claim your account by visiting: https://huit.harvard.edu/password-manager

Two-Step Verification (2SV)

When you enable two-step verification, any time you use your account on a new device, an authorization code will come to your phone. Without the code, a password thief cannot take control of your account. It is the single best way to protect your account from cyber criminals.

Two-step is available for Twitter, Facebook, Google, and many more services. Check https://twofactorauth.org/ to see a list of the services that offer two-step verification.