Elmo's Account Hacked: What We Know - Newsweek

Elmo's account on X, formerly Twitter, has been hacked, according to Sesame Workshop, the nonprofit organization behind Sesame Street, per The New York Times.

Elmo says: Enable Two Factor on all social media accounts!

GW Cybersecurity Password Resource Page


This content is presented by the GW IT Cybersecurity Risk and Assurance team. #SecuringGW is a shared responsibility; if you see something, say something. Report suspicious digital activities, including phishing emails, to abuse[@]gwu.edu.

Password Reminder

We have heard this before, but it is important to remember that unique passwords are critically important to being CyberSafe. In a recent example, it appears that the breach of McDonald's hiring data (64 million applicants) was caused by either a default or temporary password.

The McHire platform, Carroll explains, enables restaurant owners to log in to view applications, and forces Single Sign-On (SSO) for McDonald’s. However, a sign-in page for Paradox team members allowed logging into a ‘123456’ user account, with the ‘123456’ password. (Security Week 7/11/2025)


World Password Day is May 1st!

Create and Use Strong Passwords

Online Safety and Privacy Jan 10, 2025 | 4 Min Read 
Passwords are the keys to safeguarding your digital and online life. They are your first line of defense. And knowing how to create and store strong passwords is one of the most critical aspects of everyday cybersecurity. This World Password Day, take some time to make sure you are following these best practices to stay safe online! Read more

What is Multifactor Authentication (MFA) and Why Should You Use It?

Online Safety and Privacy Jan 17, 2025 | 5 Min Read 
Multi-factor authentication adds a whole new layer of security to each of your accounts. When you turn on MFA, you use more than a password to log in. We recommend turning on MFA for every account that permits it. Read More

Password Managers

Online Safety and Privacy Sep 6, 2022 | 4 Min Read
Our advice about unique, strong, and complex passwords probably seems overwhelming if you've never used a password manager before. However, modern services can help you breathe a lot easier. Password managers have made it easier than ever to maintain strong passwords! Read More

Will Passwords Become a Thing of the Past?

Online Safety and Privacy  May 18, 2023 | 2 Min Read
What to know about passwordless authentication and passkeys.
Passkeys are an exciting new technology that remove the need for passwords. Instead of entering a password, with passkeys you typically log in by having a secure device handy (like a phone) and using biometrics, like a facial scan.  Read More


Security Bytes: Passwords

Security Bytes short video series: password etiquette episode (1 min video)



IT Support Questions? For IT support, please contact the Information Technology Support Center at 202-994-GWIT (4948), ithelp[@]gwu.edu, or visit ithelp.gwu.edu

When choosing passwords, it is important to choose complex passwords that are difficult for humans and computers to guess.

There are several approaches to creating secure passwords. This post summarizes the suggested password components to enhance your online security.

Minimum password length: 18 characters

Passwords should contain:

  • Symbols
  • Numbers
  • Lowercase characters
  • Uppercase characters

Tips for Maintaining Password Security 

  • Use a password manager - these tools can manage all of your passwords, assist in generating secure passwords, and provide awareness of compromises of your username or password online.
  • Regularly Update Passwords: Absolutely change passwords when you learn of any compromise of sites where you have accounts. Also, it is a good idea to set a schedule for changing passwords. Using a password manager can greatly reduce the effort in changing passwords more frequently.
  • Be Wary of Phishing Scams: Do not share your passwords through email or messages. Always verify the source before entering your credentials. 

It is highly recommended that you enable two-factor authentication (2FA) on all sites, but particularly on sites that contain your financial and personally identifiable information (that includes social media). Multifactor authentication adds an extra layer of security by requiring a second form of verification.

Common Password Mistakes to Avoid 

  • Using Common Passwords: Passwords like “123456,” “password,” and “qwerty” are easily guessable.
  • Recycling / Reusing Passwords: Using the same password across multiple sites increases your risk if one site is breached. 
  • Writing Passwords Down: Storing passwords in plain sight, like on sticky notes, can lead to unauthorized access.
  • Public Information: Using phrases that contain publicly available personal information or things you shared on social media.
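The component list and the mistakes above can be turned into an automated check. The following is an added example, not code from the GW post: it tests a candidate against the post's minimum length and four character classes, flags the three common passwords the post names and any personal terms supplied by the caller, and generates a compliant random password. The symbol set (`string.punctuation`) and the `personal_terms` parameter are assumptions made for the illustration.

```python
import secrets
import string

MIN_LENGTH = 18  # minimum length given in the post
# The four character classes the post lists. Using string.punctuation as the
# symbol set is an assumption; some sites accept fewer symbols.
CLASSES = {
    "lowercase letter": string.ascii_lowercase,
    "uppercase letter": string.ascii_uppercase,
    "number": string.digits,
    "symbol": string.punctuation,
}
# Only the three examples the post names; a real deny-list is far longer.
COMMON_PASSWORDS = ("123456", "password", "qwerty")


def check_password(candidate, personal_terms=()):
    """Return the list of policy problems found; an empty list means it passes.

    personal_terms (hypothetical parameter) holds words an acquaintance or a
    social media follower could know: names, pets, birth years, and so on.
    """
    problems = []
    if len(candidate) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    for name, chars in CLASSES.items():
        if not any(ch in chars for ch in candidate):
            problems.append(f"no {name}")
    lowered = candidate.lower()
    for common in COMMON_PASSWORDS:
        if common in lowered:
            problems.append(f"built on common password '{common}'")
    for term in personal_terms:
        # Ignore very short terms, which would match by accident.
        if len(term) >= 3 and term.lower() in lowered:
            problems.append(f"contains personal information '{term}'")
    return problems


def generate_password(length=MIN_LENGTH):
    """Generate a random password that satisfies check_password().

    Characters come from the operating system's CSPRNG through the secrets
    module. Candidates that fail the check are discarded and redrawn, so
    every compliant password is equally likely.
    """
    if length < MIN_LENGTH:
        raise ValueError(f"length must be at least {MIN_LENGTH}")
    alphabet = "".join(CLASSES.values())
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if not check_password(candidate):
            return candidate


if __name__ == "__main__":
    # Constructed sample inputs, not real credentials.
    samples = [
        ("123456", ()),
        ("Password123456!!!!!!", ()),
        ("SpringfieldElmo2019!!", ("Elmo", "2019")),
    ]
    for text, terms in samples:
        print(repr(text), "->", check_password(text, terms) or "OK")
    print("generated:", generate_password())
```

The second and third samples satisfy the length and character-class rules and are still rejected, which is the point of the mistakes list: composition rules alone do not catch predictable content.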

This post is presented by the GW IT Cybersecurity Risk and Assurance team.

Between all of your online accounts, whether personal or work accounts, you probably have many unique — and complex — passwords to manage.  And since you know better than to write them down in a notebook, have them on sticky notes hidden under your mouse pad, or stored digitally on your desktop, what are you supposed to do? 

Passwords are one of the most vulnerable cyber defenses used to protect our online accounts, as passwords are the only barrier between online accounts and cybercriminals who want access to our data and systems. Utilizing a password manager is a security best practice that cyber professionals recommend.

Along with other security tips, password managers minimize the risk of mismanaging our passwords. The question that arises is: are password managers secure, and what is our responsibility in managing the password manager?

What is a Password Manager?

A password manager is software that allows users to generate passwords and to store and manage account information, including usernames and passwords, all in one location. Password managers offer other features such as suggesting complex passwords, identifying weak or repeated passwords, and alerting users when their credentials appear compromised. When you use a password manager, you will set a password that is often referred to as the “master” password. This will be the only password you will need to remember.

Password managers are available in different formats: 

  • An online service hosted by a third party and accessed through a website portal. This type is useful if you need access to the password manager from multiple devices. 
  • Software installed locally on a workstation that can operate either completely offline or connected to the internet to synchronize your information to a cloud database and get software updates.  

Are Password Managers Secure? 

Password managers can offer a high level of security for account credentials and information, if best practices are used to secure their master password. Whether you use, or are planning to get, an online or an offline password manager, you need to follow these practices:

  • Do your research and get a trusted password manager software that has a high reputation in the industry. 
  • Use a strong master password for your password manager account and never forget it. Some password manager vendors will not recover your account if you can’t remember your master password.
  • Enable two-factor authentication (2FA) on your password manager account for an extra layer of security.
  • Keep your password manager software, web browsers, and all other software you use up-to-date. 
  • Audit the list of devices that are approved to access your password manager. 
  • For work-related accounts, always use password managers that are approved by your organization. Follow your organization’s policies, standards and procedures when processing, storing or sharing work-related data. 

Remember, if password managers are managed appropriately, they will offer you the level of security you are looking for for your online accounts’ passwords.


This post is presented by the GW IT Cybersecurity Risk and Assurance team with information from CISA.

Longer passwords make brute force attacks more difficult. Brute force attacks involve malicious actors using powerful computers to guess your password. As shown in the chart provided by researchers at Hive Systems, the best protection against brute force attacks is a complex password containing at least 13 upper and lower case letters.

It is estimated that passwords of this moderate complexity will take 241 million years to crack.

Adding numbers to the moderate complexity password containing 13 upper and lower case letters increases the password resilience against compromise to 2 billion years.

An even more secure password that adds symbols would increase the 13 character password resilience to 11 billion years.

For extreme protection, particularly to guard against improvements in processing power of computers, an 18 character password containing numbers, upper and lower case letters, and symbols would take an estimated 19 quintillion years to compromise.

It is important to note that password complexity protects against automated guessing. A 13 character password that contains mixed case words may be difficult for a computer to compromise. However, access to personal information may enable a person to guess a password much more easily than a computer. Consider the implications of family names, birthdates, and occasions being shared on social media and how this information provides some contextual information that could assist someone in their password guessing attempts.

Source: Hive Systems https://www.hivesystems.io/password


This post is presented by the GW IT Cybersecurity Risk and Assurance team.

Cybersecurity is a shared responsibility for everyone. You can help #secureourworld through direct action. Account compromises impact individuals, families, organizations, and employers. The following tips can assist you in keeping your information and GW data safe.

The Core 4

As with most things in life, an ounce of cybersecurity prevention is worth a pound of cure. Follow our "Core 4" to show hackers you mean business.

1. Passwords / Password Managers

Use long, complex, and unique passwords. Every password should be at least 12 characters long and include letters, numbers, and symbols (like % or $). Ideally, your passwords should be random strings of characters, not recognizable words. Very importantly, each account should be protected by its own unique password. To create and store all these passwords, use a password manager!

2. Multi Factor Authentication

Switch on multi-factor authentication. Multi-factor authentication (MFA), sometimes called 2-factor authentication, adds a whole other level of security beyond your password. MFA will use biometrics, security keys, text messages, or an app to make sure you are you, even if a hacker gets access to your password. Enable MFA for any account that allows it!

3. Recognize and Report Phishing

Think before you click. Learn how to identify phishing messages, which will often try to inspire panic or urgency. Take a few seconds to read through the message and who sent it. With a little knowledge, you can spot most phishing attempts within moments.

4. Automatic Updates

Turn on automatic updates. The best way to get the latest, strongest security is to install software updates as soon as they are available - and the best way to know when they are available is to turn on automatic updates! Set it, forget it, and you won't regret it!

Check out the Events Calendar for details on webinars related to the Core 4 and other cybersecurity topics.

Source: National Cybersecurity Alliance https://staysafeonline.org/online-safety-privacy-basics/hacked-accounts


This blogpost is offered to you by the GW Information Security and Risk Services team. 

Between all of your online accounts, whether personal or work accounts, you probably have many unique — and complex — passwords to manage.  And since you know better than to write them down in a notebook, have them on sticky notes hidden under your mouse pad, or stored digitally on your desktop, what are you supposed to do? 

Passwords are one of the most vulnerable cyber defenses used to protect our online accounts, as passwords are the only barrier between online accounts and cybercriminals who want access to our data and systems. Utilizing a password manager is a security best practice that cyber professionals recommend.

Along with other security tips, password managers minimize the risk of mismanaging our passwords. The question that arises is: are password managers secure, and what is our responsibility in managing the password manager?

What is a Password Manager?

A password manager is software that allows users to generate passwords and to store and manage account information, including usernames and passwords, all in one location. Password managers offer other features such as suggesting complex passwords, identifying weak or repeated passwords, and alerting users against entering their credentials on suspicious websites. To create a password manager account, you need to set a password that is often referred to as the “master” password.

Password managers are available in different formats: 

  • An online service hosted by a third party and accessed through a website portal. This type is useful if you need access to the password manager from multiple devices. 
  • Software installed locally on a workstation that can operate either completely offline or connected to the internet to synchronize your information to a cloud database and get software updates.  

Are Password Managers Secure? 

Password managers will offer users the level of security they are looking for for their accounts’ credentials and information if they follow best practices to secure their password manager account. Whether you use, or are planning to get, an online or an offline password manager, you need to follow these practices:

  • Do your research and get a trusted password manager software that has a high reputation in the industry. 
  • Use a strong master password for your password manager account and never forget it. Some password manager vendors will not recover your account if you can’t remember your master password.
  • Enable two-factor authentication (2FA) on your password manager account for an extra layer of security.
  • Keep your password manager software along with web browsers you use up-to-date. 
  • Audit the list of devices that are approved to access your password manager. 
  • For work-related accounts, always use password managers that are approved by your organization. Follow your organization’s policies, standards and procedures when processing, storing or sharing work-related data. 

Remember, if password managers are managed appropriately, they will offer you the level of security you are looking for for your online accounts’ passwords.


This blogpost is offered to you by the GW Information Security and Risk Services team. 

Cybersecurity has become one of the most significant hot topics inside and outside technology circles over the last two years. From securing learning devices due to a rise in digital learning during the COVID-19 pandemic to coping with the fallout of high-profile breaches of national infrastructure such as the Colonial Pipeline, there is a constant news cycle dedicated to cybersecurity mishaps and concerns. With this continuous stream of bad news, it can be challenging to know how to stay secure in the face of cybersecurity threats and threat actors.

Everyday users have a huge role in cybersecurity threat prevention, detection, and remediation. According to a Wall Street Journal article, many hacks succeed by convincing someone inside or close to the target company to divulge network access credentials or other critical information. Therefore, GW’s first line of defense in helping to combat cyber-related issues is you.

Here are 4 essential best practices that you can adopt today to enhance your cybersecurity and create a more secure cyberspace for you and GW.  

Watch out for Phishing Attempts

Phishing is when a threat actor poses as a legitimate party such as a bank, delivery service or other organization in an attempt to get individuals to click harmful links. Phishing remains one of the most popular tactics used today. In fact, 80% of cybersecurity incidents stem from a phishing attempt. While phishing has gotten more sophisticated, the phishing signs remain the same. Look for typos, poor graphics, and other suspicious characteristics (incorrect logo or email address) as these can be red flags indicating that the content is a phish. In addition, if you think you have spotted a phishing attempt while logged into the GW network, report the incident to GW IT immediately. To report an incident please contact the GW Information Technology Support Center at 202-994-GWIT (4948) or email abuse@gwu.edu

Update your Password

Password cracking is another tactic that cybercriminals use to access sensitive personal information.  To guard against password cracking, having unique, long and complex passwords is one of the best ways to boost your cybersecurity immediately.  It is highly recommended not to repeat passwords across your accounts because once a hacker cracks one account, they can easily do the same across all of your accounts. 

Passwords can be tough to remember. That’s why it’s smart to use a password manager to help you secure your various passwords in one place. Password managers are easy to use and can automatically fill in your stored password when you visit a site. Along with other security tips, password managers minimize the risk of mismanaging account passwords.

Take Advantage of Secure Wi-Fi 

Mobile hotspots and public Wi-Fi networks are typically not password-protected,  so it’s easier for threat actors  to gain unauthorized access to devices. Students, faculty, and staff should take full advantage of the university Wi-Fi networks when on campus. They are password-protected and only allow internet access across the university premises, operating as a secure online bubble for every user to work in peace.  

Lock your Device

Whenever you're logged into your devices (computer, laptop, phone, etc.),  you’re also open to potential unauthorized access by hackers and other threat actors.  The easiest way to prevent unauthorized access to your device is to lock it whenever you leave it unattended. All you have to do to get back on your device is enter the correct password, and you can pick up where you left off. If you wouldn't leave your house with the front door wide open, you should not leave your devices unlocked, especially when they are unattended.  


This blogpost is offered to you by the GW Information Security and Risk Services team. For more information on GW IT Security, please visit our security website: https://it.gwu.edu/gw-information-security  


Original blog content provided by The National Cyber Security Alliance www.staysafeonline.org, modified and posted with permission.

Written by Patrick Hansen


Keeping an eye out for scams is a year-round job for anyone who uses the internet. But for scammers, the holiday season is the time to strike, while everyone is distracted by time off, gifts, and plans with family. From fake websites and gift cards to fake charities, it is important to stay on guard during the last part of the year.

Holiday Phishing

(If you need a refresher on phishing read this piece.)

Criminals love the amount of shopping and shipping that goes on during the last quarter of the year. They pretend to be Amazon, UPS, FedEx, Apple, and almost every other household brand name there is. A lot of phishing attacks come by email, declaring a problem with your order, shipping, payment, etc. In the past few years, SMS phishing has also shot up with intent just as malicious.

Always remember: the real companies you interact with won’t email or text you asking for personal information, and DON’T CLICK LINKS. If you are ever unsure about an email or text, look up the number for customer support and call.

Gift Cards

A gift card is a very sought after item for criminals because of the anonymous nature of purchases once it is gifted. Once it’s gone, it’s gone, and you won’t be able to get it back. Online, criminals will always try to get you to pay for a gift card and send them the information.

Another thing to look out for is gift cards that have been tampered with. When buying a gift card from the store, make sure that the credit card number on the gift card is still covered. Criminals have ways to monitor when the card with that specific serial number is loaded with money so they can try to spend it before you can.

Fake This, Fake That

Online shopping can be extremely convenient, but there are things to watch out for. Some scammers will put up websites and buy domains that look very similar to real brand websites in appearance and URL. Always try to verify the website you are on in some way. If you are ever paying for something online, the “s” in “https” is a must.

Sadly criminals will also set up fake charities designed to pull at your heartstrings. A quick Google search of the charity should provide enough information and others to verify it is real.

Conclusion

The holiday season is prime time for cyber thieves to attempt scams and steal your money and information. Always remember to double-check the random Amazon email, the random UPS text, gift cards, and everything else that is common for this time of year.

Never give out your information and if there is any doubt, just contact the company itself. It is important to be aware of these attacks and be on guard year-round, but especially around the holidays, so you can enjoy them with cheer.