Password advice

​LJMU IT Services help

IMPORTANT

Many external (non-LJMU) websites have been hacked recently, resulting in millions of usernames and passwords being leaked. Criminals then use this stolen information to attempt to log in to other sites with the same or similar passwords. Software is used to try similar variants of your password (e.g. using a zero instead of the letter O, appending a number etc). Many have been used to make online purchases and a number of LJMU staff have already lost significant sums of money.

Please consider the following advice for your own protection:

• Do not use your LJMU email address as your username when registering on websites

• Never use the same or similar passwords for work and non-work
  
  
• Check your email address on https://haveibeenpwned.com/ to see if it has been stolen
   
• Do not use the same password on multiple websites - if one site gets hacked, the same credentials will be tried against hundreds of similar sites
   
• Always use a complex password:

• Do not simply append 1, 2, 3 to your password – hacking tools automatically try these variants
• See https://www.cyberaware.gov.uk/passwords for advice on how to choose a secure password and consider using a password manager
   
• Do not save your credit card/PayPal credentials on a website. If you have done so, you are recommended to remove payment card information and you may need to consider cancelling your card
   
• Do check your bank statement regularly. You can set up automated alerts on your bank account for large transactions. e.g. >£500 by text
  
  
• Never write down passwords

• Never share your password with another person