Passwords should be confidential.
Some tips to keep passwords safe:
- Do not write them on paper or in visible places.
- Change them regularly even in systems where it is not mandatory.
- Do not save them automatically on systems (for example, browsers).
- Use different passwords for different accounts and systems.
- Passwords used in a work context should not be the same as the ones used in a personal context.
A secure password is made up of 9 characters at least and contains:
- Upper and lower case alphabetic characters (A, B, C, D,…, a, b, c, d, etc.);
- Numbers (1, 2, 3, 4, etc.);
- Special characters (#, $,%, -,>, +, &,!,?, Etc.).
To create a safe password, think about a sentence that is easy to remember and then define a method to transform the sentence into a password.
Sentence: I bought my first car in 2017!
Method: Use the first letter of each word and alternate irregularly between uppercase and lowercase letters; only use the last two digits and keep special characters.
Password: IbmFCiE17! (Do not use this example)
Information will be available soon.
External Mobile Devices
- Be suspicious of external devices (USB sticks, etc) with unknown origins.
- Disable the autorun feature.
- Before accessing any file, analyse it with an antivirus.
You should take the printouts from the printer as soon as possible. If you are printing documents with sensitive data, stay near the printer while the sheets are being printed.
If you want to destroy documentation with important information (for example, personal data), do it in a reliable way, like using a paper shredder.
Information Security Incidents
If there is an abnormal situation that could put your resources at stake (loss of a device, virus infection, suspecting that your credentials were violated, accidental destruction of personal data, etc.), report the security incident immediately.
Instal the antivirus (software that acts as a defense against malicious code) and keep it updated.
- Only use software from legitimate sources and always keep it updated.
- Change predefined passwords and, if needed, the default configurations.
- Do not continue to use software that is not supported by the provider.
- Do not open files of questionable origin.
- Do not access links of unknown origins – analyse them previously.
- Do not use your work equipment for personal purposes.
Phishing is one of the most used methods to access personal data and/or infect systems with malware (malicious software). For example, through a fraudulent email, an attacker can pretend to belong to the university's services and request your access credentials.
Under no circumstance will U.Porto's services ask you to reveal your access credentials.
Avoid connecting to Wi-Fi Networks from unknown entities or without authentication. If you cannot avoid it, take measures to protect yourself. For example:
- Use a VPN;
- Do not access critical services;
- Confirm if the websites you are accessing are safe by clicking twice above the lock that appears in your browser next to the address field (which should start with "https://" and not with "http://").