“Nobody’s going to hack me – I don’t have anything worth stealing!”

“I’ve never told anyone my password, so there’s no point in changing it.”

“I can’t have a different password for each account; I would never remember them all!”

“Sure a random password might be better, but at least I don’t have to write this one down anywhere.”

“I’m not going to turn on 2-factor authentication. It’s a hassle, and it wastes time!”

If you have ever found yourself making any of those statements, then here’s an important message for you: It’s time to change your password. And if you aren’t already using DUO 2-Factor Authentication, sign up ASAP. It’s a campus standard.

The entire country is seeing a massive increase in the number of compromised accounts across the board. And whether it’s from your password being available from a data breach somewhere, being guessable from your social media clues, or being short or simple enough to hack by trying random combinations until one works, you are not immune from having your account information stolen. That’s why you need to change your password and turn on 2-factor authentication, and that’s why the Office of Information Technology is focusing on how to "Build a Better Password" for cybersecurity month this year.

How do I change my password?

You can change your Auburn password in the program called MyAccount. Unfortunately, a common phishing technique is to send you an email that looks legitimate with a link that prompts you to login to change your password, and your account ends up compromised. OIT will never email you and ask you to click on links that require login information (even if they look like they come from Auburn); so instead, we’ll tell you how to get to MyAccount through the Auburn website.

• Before you start, make sure you have all of your devices that are connected to your Auburn account (phones, laptops, tablets, etc.)
  
  
• Open a web browser and go to the Auburn homepage (auburn.edu)
  
  
• For Students:
  • Click on the Students tab in the top left-hand corner of the page
        
    
    
  • Under Most Popular Applications, click the link for MyAccount (password update)
        
    
    
• For Employees:
  • Click on the Employees tab in the top left-hand corner of the page
         
    
    
  • Under Online Resources, click the link for MyAccount (Password Update)
        
    
    
• When MyAccount loads, login with your Auburn username and password
  
  
• Once you're logged in, click the link to Update Password
      
  
  
• Follow the password rules to create a password that meets the Auburn Password Policy Requirements
  
  
• Update your password on all of your other devices
  
  
• If you have any questions or concerns, click on the Help button in the top right-hand corner of MyAccount, or reach out to the IT Service desk at 334-844-4944.
  

How do I set a strong password?

Simply changing your password from ‘password’ to ‘123456’ isn’t going to do much for you. Here are our key tips for strong, secure passwords:

• Make them complex: Your password should contain a mix of uppercase and lowercase letter, numbers, and special characters. Some accounts even let you include spaces, and those are great for added security. Your passwords also shouldn’t be easy to guess, like anniversaries or pet names. To take it a step further, OIT recommends using a passphrase rather than a password. A strong passphrase might look like this:  my c@tt iz 2 smarT 4 hiz oWn gud!
  
  
• Make them longer: The new requirement for Auburn passwords is a minimum of 12 characters, and we recommend you make all passwords at least that long as well. The more characters a password has, the harder it is to crack.
  
  
• Make each password unique: Do not use the same password across multiple accounts, or even just simple variations on the same password. Each password should be completely unique so that if one gets hacked, it doesn’t immediately grant access to another account.
  
  
• Use a password vault: It’s nearly impossible to remember unique, complex, long passwords for every account you own. The simple solution is to store them all in a password vault so you only have to remember your master password. Auburn provides free premium accounts with LastPass for anyone with an @auburn.edu email account. Just make sure your master password is extremely secure, because if it gets hacked, the rest of your data could be at risk. And since every password can potentially be hacked, MAKE SURE you turn on 2-Factor Authentication as an added layer of protection. Every account is safer with 2-Factor. 
  
  
• Change your password annually: Even with all of those precautions in place, the best practice is still to change your password on a regular basis. We recommend at least once per year.
  
  
• Never share your password: This won’t help you create a strong password, but it will help you keep it secure. Never share your login credentials with anyone. It seem like a great way to save time, but you won’t feel that way if you have to go through all the steps of reporting identity theft or fraud.

What else should I do?

Whenever you set up an account, make sure to use strong security questions, and always have a backup email so you can receive a notification if someone tries to make changes without your permission. You can set up both of those for you Auburn account in the MyAccount page. Doing so will help keep your data more secure, and, if something were to happen, it would allow you to respond much more quickly. If you have any questions, or if you think you may have been the target of a phishing attack, please contact our cybersecurity team at infosec@auburn.edu.