Time to change your password?

October is Cybersecurity Awareness month, and a good time to think about your access.caltech password.  When did you change it last?  Email-based scams are on the rise, and some victims may not realize they have inadvertently exposed their passwords until after their account is accessed and abused by a malicious third party.  Periodic password changes can mitigate that risk.  In addition, good password practices have changed over time, as technology has changed — a password that might have been strong enough several years ago may no longer be resistant to modern password-cracking techniques.

If you haven’t changed your password in a long time (for example, in more than a year), consider updating your password at access.caltech, by logging in and choosing the Manage My Password tab toward the top of the screen:

Your password must be at least 10 characters long, and should be unique to your Caltech account — not reused anywhere else.  The maximum password length is currently 20 characters, although we expect to raise the allowed maximum some time this coming year.

Once you’ve changed your access.caltech password, bear in mind that you must update it in any applications where you may have it saved (for example, in your desktop email client, your phone email client, your Caltech VPN software, and your Caltech Beavernet or Caltech Secure wireless settings).

Don't share your password

Your Caltech password should be known only to one person: you yourself.  If you need to provide someone else with access to your Caltech calendar or mailbox, let IMSS know by contacting us at help@caltech.edu, so that access can be granted using permissions rather than password-sharing.

Password Management

Most of us have a very large number of passwords to keep track of.  Consider using a password management tool, which can allow you to create a database of important passwords and notes, encrypted to a master passphrase, which is the only one you need to remember.  Many password management utilities can syncronize across devices (i.e., phone, desktop computer, laptop, tablet), and most password management utilties also allow easy, convenient generation of strong passwords.

If You Think Your Password has been Compromised

If you suspect that someone other than you has been using your access.caltech account, or that someone other than you knows your password, please notify IMSS immediately by telephoning the Help Desk at x3500 so that we can investigate. If you are able to send email, you can also contact Information Security directly by sending mail to security@caltech.edu. Change your password by going to https://access.caltech.edu and choosing the Manage My Password tab. It is always wise to change a password that you believe may have been compromised. However, it is important to investigate the incident as well, so that the problem doesn't occur again.

Scam Warning

IMSS will never ask you for your password, nor will we send you a link in email telling you to "verify your account".  Always be cautious about logging into any website using a link received in email -- if you must log in using a link from email, check the address bar of your browser to see where you are, before you put in your password.  It is very easy to send email with a link that looks legitimate, but actually directs your browser to a fake site. More information about how to spot a phisher scam via email is here.