Summary
          
          You probably have more online accounts than you can keep track of. If you keep track of your passwords by writing them down, using a spreadsheet or local file, or "have a system" for using passwords, you should read this.
        
 
        
          
            
Body
          
A password is required to do many things online at Colby and at other sites on the Internet, from retailers to banks. The fact is, passwords are not much more secure than a codeword - once set, we can't control who shares it or who uses it. For this reason and others, Colby employs an additional security measure, multi-factor authentication (MFA), for any service containing high risk or personal data. The tips below include this and many other steps for making sure you use passwords effectively to keep important information private and secure.
	- 
	Use strong passwords — a good password is either complex (with numbers, upper and lower case letters, and symbols) or longer than 18 characters. Avoid using dictionary words, or things that would be easy for someone to guess. Do not include names, or hints, that may be given away from posts on social media platforms.  
- 
	Use a unique password for every account — don't use the same password for different things. This will protect against the domino effect of multiple accounts being compromised due to using the same password across services. A password manager can help keep track of all your accounts, passwords, and other information. 
- 
	Employ multi-factor or two-factor authentication (MFA) if available. --- MFA is an additional level of security when combined with a password, effectively negating the re-use problem posed by an exposed password. Authenticator applications like Okta Verify and Google authenticator are preferred over text messages (SMS) or phone calls. 
- 
	Never provide password to anyone  — Phishing emails and other online scams often ask you to log into a webpage using your username and password  - don't fall for it. Be skeptical and make sure that wherever you enter your password is official. If you're in doubt, try to load the authentication page some other way (like an Internet search) or contact the company or organization claiming to ask for it. 
- 
	Never store your password(s) in a file on your computer. Writing passwords down might seem more secure, but this practice is also risky. What if you lose the paper, then what?  Consider a password manager to keep track of your accounts and passwords. 
- 
	Consider changing your password — the best way to prevent someone from using your password is to change the password often, remembering to use a completely different and unique password every time. 
- 
	Consider using a password manager  — Password managers like Keeper, Bitwarden or 1Password assist in generating complex passwords and storing them securely. In order to ensure the security of your password manager, make sure to enable multi-factor authentication. Colby ITS supports the Keeper on-line password manager for business use. 
- 
	Have any of your account passwords been involved in a breach?  --- a difficult question to answer with certainty, yet still a good question to ask. Sites like https://haveibeenpwned.com/ and password manager services like Keeper and 1Password can keep you informed if one of your accounts is potentially exposed.