Online Security Tips and Resources

Be Safe, Be Smart, Be Secure

Keeping your computer or other networked devices secure will help protect your personal information from online threats. Taking steps to secure your device is required by the campus; read Berkeley's Minimum Security Requirements for Networked Devices policy.

Set a Strong Password

A weak password is what hackers look for first. Stay one step ahead.

One of the campus Minimum Security Requirements is having a strong administrator password on all your devices. In reality, every password for every account of every site must be a strong one since passwords are meant to protect your personal and private data. Don't make it easy for anyone to guess or crack your password!

This guide will help you better understand the importance of strong passwords, and how you can better create and remember them.

How do I keep track of all my passwords?

It's difficult to remember multiple passwords. Password managers such as LastPass or KeePass can store them for you. These applications can also automatically fill in password fields for you whenever you log in to an account. This way you only need to remember one strong master password that safeguards your password vault.

However, you may want to keep extremely sensitive passwords (for bank accounts, online shopping sites that have your bank account information, and your CalNet passphrase) separate from all the other passwords LastPass or KeePass manage. This way, if a hacker manages to crack your master password, they do not also gain access to these other important accounts. Remember to make your master password as strong and secure as possible, and different from all your other important passwords.

The moral of this story is: Be very smart and careful regarding what you do on the internet. There's only so much a password can protect. Make sure that your password is a tough one.

How easily can someone crack a password?

When creating passwords, people generally care more about memorability than security. Too many people have passwords like ‘1234’ or ‘password’ or ‘iforgot’. A hacker would guess these passwords first as they are the most commonly used.

But even if your password is much more creative than ‘1234’, and even if you are clever enough to have a different password for all your different accounts, it may still be very easy for your password to be cracked if it is still too simple.

This table (taken from this article from geekbeat.tv) illustrates how long it would take a normal computer to brute-force passwords of different lengths containing different kinds of characters.

| Password Length | All Characters | Only Lowercase |
|-----------------|----------------|----------------|
| 3 characters    | .86 seconds    | .02 seconds    |
| 4 characters    | 1.36 minutes   | .046 seconds   |
| 5 characters    | 2.15 hours     | 11.9 seconds   |
| 6 characters    | 8.51 days      | 5.15 minutes   |
| 7 characters    | 2.21 years     | 2.23 hours     |

This assumes the passwords are completely random gibberish and contain no recognizable dictionary words. Hackers like to accumulate large dictionaries that contain many different combinations of words and phrases that could possibly be part of a password. If any part of a password matches an entry in that dictionary, the rest of the password will be easier for the computer to guess and take even less time to crack.

Other ways someone might get a hold of your password are:

  • Your password hint is too obvious (it's better to refrain from providing a password hint if given the option).
  • You've written your password down somewhere for someone to see it.
  • Your password is short enough or your keystrokes are simple enough for someone to watch you type it in and remember it.
  • You log in to someone else’s computer and they have some kind of keylogger that saves your password so they can log in with it later.

Do your best to avoid these things. Remember, people can be sneaky. Always be wary when it comes to passwords.

What makes a good password?

As demonstrated above, longer passwords with a variety of characters and containing no dictionary words are less likely to get cracked.

As some good rules of thumb, it's best for a password to:

  • Be at least eight characters long
  • Have a combination of uppercase and lowercase letters
  • Have numbers and symbols
  • Be different from all your other passwords, usernames, logins, etc.
  • Not include dictionary words
  • Not be a keyboard pattern (e.g. 1234, asdf, qwerty)

Never reuse a password. Protect the integrity of each account by generating a new password for every one. If you’re having trouble coming up with a new secure password, StrongPasswordGenerator and other sites like it can generate a new password for you. StrongPasswordGenerator even provides a mnemonic to help you remember it. However, it is always better to try to come up with a good password on your own. That way your password is a little more unique, and a lot more meaningful to you.
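The rules of thumb listed above and the brute-force table can be combined into a small checker. This is an added example, not part of the original page: the rate of one million guesses per second and the 95-character printable-ASCII alphabet are assumptions chosen because they are consistent with the table's figures, and the word list and sample passwords are constructed.

```python
import string

GUESSES_PER_SECOND = 1_000_000   # assumption: rate consistent with the table's figures
SAMPLE_WORDS = {"password", "iforgot", "welcome", "dragon"}  # constructed sample dictionary
KEYBOARD_PATTERNS = ("1234", "asdf", "qwerty")               # patterns named in the list

def charset_size(password):
    """Alphabet an attacker must search, by character class (printable ASCII only)."""
    classes = ((string.ascii_lowercase, 26), (string.ascii_uppercase, 26),
               (string.digits, 10), (string.punctuation + " ", 33))
    return sum(n for chars, n in classes if any(c in chars for c in password))

def worst_case_seconds(length, alphabet, rate=GUESSES_PER_SECOND):
    """Time to try every string of this length: alphabet**length / rate."""
    return alphabet ** length / rate

def humanize(seconds):
    for unit, span in (("years", 365 * 86400), ("days", 86400),
                       ("hours", 3600), ("minutes", 60)):
        if seconds >= span:
            return f"{seconds / span:.2f} {unit}"
    return f"{seconds:.2f} seconds"

def check_password(password):
    """Return the rules of thumb this password breaks (empty list = passes all)."""
    lower, problems = password.lower(), []
    if len(password) < 8:
        problems.append("shorter than eight characters")
    if not (any(c.islower() for c in password) and any(c.isupper() for c in password)):
        problems.append("needs both uppercase and lowercase letters")
    if not any(c.isdigit() for c in password):
        problems.append("no number")
    if not any(c in string.punctuation for c in password):
        problems.append("no symbol")
    if any(p in lower for p in KEYBOARD_PATTERNS):
        problems.append("keyboard pattern")
    if any(w in lower for w in SAMPLE_WORDS):
        problems.append("dictionary word")
    return problems

if __name__ == "__main__":
    for n in range(3, 11):   # the table stops at 7; continue to 10 characters
        print(n, humanize(worst_case_seconds(n, 95)), humanize(worst_case_seconds(n, 26)))
    for pw in ("qwerty1234", "T7#vq!Lx9@"):   # constructed sample passwords
        est = humanize(worst_case_seconds(len(pw), charset_size(pw)))
        print(pw, check_password(pw) or "passes", "exhaustive search:", est)
```

The exhaustive-search estimate is an upper bound only for random passwords; anything flagged as a keyboard pattern or dictionary word falls far sooner, which is why the checker reports those separately.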

Enable Auto-Updates

You can guard against hackers by keeping your device's operating system updated. To make sure updates happen automatically:

In Windows

  • Open Windows Update by clicking the Start button, and then clicking Control Panel.
  • In the search box, type update, and then click Windows Update.
  • In the left pane, click Change Settings. Select an option that best fits your needs.

On a Mac

  • Open System Preferences and click on App Store.
  • Check Automatically Check for Updates and Install System Data Files and Security Updates.

iOS

  • Go to Settings → iTunes & App Store, then under Automatic Downloads, slide Updates to the right to turn on this feature.

Android

  • Go to the Google Play Store, tap the Menu button and go into Settings → Auto-update apps.

Protect Your Device

Protect your device by downloading antivirus software & being cautious with web browsing. 

Be Safe Online

Here are some safe browsing tips for online browsing and social media. Guard against dangerous network traffic. Turn on your firewall. 

Sign up for the Information Security newsletter for quarterly updates and cybersecurity tips!

Enroll in CalNet 2-Step Verification to secure your device.

The bSecure Remote Access VPN (Virtual Private Network) service allows students to securely access the UC Berkeley network from outside of campus as if they were on campus and encrypts the information sent through the network.

Read about how your data is collected, used, and analyzed through bCourses.