The Importance of Protecting Your Password

by Noel Laam

In light of the surge in hacking attacks, security protection has become the top priority in all data centres worldwide. Despite our repeated pleas for help and cooperation, some of our users apparently still do not understand the importance of good password practice. Awareness of the importance of password control therefore needs to be further promoted here.

It is commonly known that, in a university setting, hacking often starts with breaking a password and gaining access to the campus network, and hence the computer account. This is unfortunately difficult to avoid as, up to now, most of the security protection mechanisms are still built around access control by passwords. Although some sophisticated security protection methods such as e-certification do exist, they are very tedious in operation and practically inconvenient for daily use.

At the CityU, we have established two levels of security protection:

  1. Connectivity Level - Network Connection Password

    This refers to the password you use to connect to the campus network via various channels. These include:

    On-campus:
    - departmental LAN in your office
    - student LAN in the Computing Services Centre (CSC)
    - wireless LAN
    - public terminals in lecture theatres, classrooms
    - Student Residence
     
    Off-campus:
    - staff PC with direct connection to campus (e.g. Festival Walk Office)
    - CityLink Plus, the CityU dial-up facility
    - Virtual Private Network (VPN)
     
    Once you are connected to the campus network, you can access all services provided by the University. These include software, tools, utilities, etc. (some are restricted to campus users only due to licence or bandwidth reasons).
     
    Protection at connectivity level is mainly carried out by using passwords as well as network and system management tools. However, hacking tools, most of which are available for free from the Internet, are proliferating and becoming astonishingly powerful. Although the CSC has implemented all possible measures and monitors the situation constantly, complete eradication of hacking activities still seems out of the question.

    Cracking of a network connection password is surely undesirable; it will enable the hacker to use the university resources 'illegally'. Worse still, hackers may take over your account or PC to launch other attacks such as spamming or network attacks, wasting university resources and making you liable for such attacks.
     
  2. Application Level - Application Password

    The application password is the password you use to log in to the university e-Portal, your email account and some secured facilities such as administrative systems. If your application password is hacked, the damage is even more far-reaching than exposing the network connection password described above. It simply opens the door to your personal/private data, which may result in disastrous consequences. Its leakage may allow data to be read, fabricated or altered by hackers. Worse still, if your application password is the same as your network connection password, cracking the latter simply means both defence lines are lost at the same time. If you happen to be the administrator or operator looking after departmental or university administrative systems, the damage is even worse, as others' data on these systems can be copied and changed as well.

In view of the importance of these passwords, the CSC has repeatedly reminded our colleagues and students to take good care of them. Nevertheless, we find that a number of our CityU colleagues and students still neither take this seriously nor take appropriate actions to protect their passwords. For example, many of them use the same password for both network connection and application, and use weak passwords such as staff number, date of birth etc. that can be easily cracked by hackers or someone who knows them.

To protect yourself as well as others in the CityU community, the CSC once again urges you to make your passwords different and strong (i.e. hard to guess), change them regularly, use them only when necessary, and never share them with others. With your cooperation and consideration, it is hoped that the cyberworld of the CityU can become a much safer place from now on.
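The weak practices named above (one password for both levels, or a password built from a staff number or date of birth) can be rejected automatically at the moment a user sets the passwords. The sketch below is an added example, not CSC code; the function names, the 12-character minimum and the sample staff number and date are assumptions made for illustration.

```python
from datetime import date


def normalise(text: str) -> str:
    """Lower-case and drop separators so '12/03/1980' matches '12031980'."""
    return "".join(ch for ch in text.lower() if ch.isalnum())


def dob_variants(dob: date) -> set[str]:
    """Common ways a date of birth is typed into a password."""
    y, yy = f"{dob.year:04d}", f"{dob.year % 100:02d}"
    m, d = f"{dob.month:02d}", f"{dob.day:02d}"
    return {y + m + d, d + m + y, m + d + y, yy + m + d, d + m + yy, m + d + yy}


def check_password_pair(network_pw: str, application_pw: str,
                        staff_no: str, dob: date, min_len: int = 12) -> list[str]:
    """Return the problems found; an empty list means the pair is accepted.

    min_len is an assumed threshold, not a figure from the article.
    Intended to run when the user submits new passwords, before hashing.
    """
    problems = []
    # Same password at both levels: cracking one loses both defence lines.
    if normalise(network_pw) == normalise(application_pw):
        problems.append("network and application passwords are the same")
    staff = normalise(staff_no)
    for label, pw in (("network", network_pw), ("application", application_pw)):
        flat = normalise(pw)
        if len(pw) < min_len:
            problems.append(f"{label} password is shorter than {min_len} characters")
        if staff and staff in flat:
            problems.append(f"{label} password contains the staff number")
        if any(variant in flat for variant in dob_variants(dob)):
            problems.append(f"{label} password contains the date of birth")
    return problems


if __name__ == "__main__":
    # Constructed sample data: hypothetical staff number and date of birth.
    for issue in check_password_pair("50012345", "50012345",
                                     "50012345", date(1980, 3, 12)):
        print("REJECT:", issue)
```
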