Technology Services

In response to the string of attacks that exposed millions of user credentials to the hacker community and public, a security researcher has setup a searchable database that allows people to check whether if their credentials have been compromised and made available to the public. The site, shouldichangemypassword.com, allows a user to enter his or her email address into a searchable box, where the user’s email address is then compared with a known list of compromised and published credentials. Please note, this site does not check an email address against an all inclusive list of compromised credentials, but rather it compares the email address to a list of high risk and published credentials. In order to protect your credentials and your digital identity, you should follow the tips below:

1. NEVER share your password with anyone, even people claiming to be IT or management.

2. Do not send your password to others via email, and be careful of the emails asking you to login and verify your account. If you are unsure of the authenticity, contact the VCU helpIT Center at 828-2227.

3. Periodically change your password for all accounts you use, and NEVER use the same password for multiple systems.

4. Consider using a password safekeeping program like KeePass to manage your passwords if you can’t remember all of your passwords.

5. Consider using a “pass phrase” when possible. A longer password or “pass phrase” is almost always harder to crack than a shorter password. A memorable phrase, or a random lyric from one of your favorite songs can serve as a good pass phrase. An example of a strong pass phrase is “I L0VE pepperoni p1zza!”.

More tips on password safety, as it relates to VCU eID passwords, are available in the askIT knowledge base.