Passwords

Create passwords that are unique and hard to guess and use two-step verification where it is available. A password is how you prove you are you. Technology has gotten better and better, so isn't it time to improve the way you handle passwords? The information contained within the 'Use Strong Passwords' section of the University's 'Small Actions, Big Difference' security campaign can teach you how to create a strong password, manage all your passwords in a password manager, and enable two-step verification to protect against account theft wherever the service is available. 

Create Strong Passwords

HarvardKey

Your HarvardKey password is valuable! It's used to control access to University services and your personal information, so it should be very difficult for anyone to guess your password and pretend to be you. Harvard Information Security has established the following requirements to make sure your HarvardKey password helps you keep your personal data safe and secure: http://reference.iam.harvard.edu/quick-guide-passwords

Other Accounts

Visit the following site for some pointers on creating strong and unique passwords for all of your accounts: https://security.harvard.edu/use-strong-passwords

Use a Password Manager (Don't Reuse Passwords!)

Using the same password for all your accounts is very risky--if your account for any service is compromised, all of your accounts are put at risk. However, creating strong, unique passwords for all your personal and work accounts is tough. That’s why the University provides LastPass—a premium password manager used to create, store, and manage passwords for all of your accounts—to all members of the Harvard community.

With LastPass, you can use one strong "master" password to protect the passwords of all your other accounts including your HarvardKey. LastPass can also create long, complex passwords for personal services like Facebook or Amazon. You don't have to remember them all, just remember your one master password and LastPass remembers the rest! Claim your premium account by visiting: https://security.harvard.edu/lastpass

Two-Step Verification

When you enable two-step verification, any time you use your account on a new device, an authorization code will come to your phone. Without the code, a password thief cannot take control of your account. It is the single best way to protect your account from cyber criminals. 

Two-step is available for Twitter, Facebook, Google, and many more services. Check https://twofactorauth.org/ to see a list of the services that offer two-step verification.