Carnegie Mellon University

Password Security

A strong password helps keep your device safe. Use these password management instructions to set your password and to reset your password if you forget it. Consider using a password manager tool to generate strong passwords and keep them in one safe place.

Computing Services recommends the following practices to maintain the strength and security of your password, and the data and systems that it unlocks. For detailed information, see the ISO Guidelines for Password Managers and Password Management

Be safe ...

  • Do not share your password. Computing Services will never request your password via phone or email.
  • Students, authorize parents or guardians to access your billing information through My Plaid Student, rather than sharing your password.
  • Practice safe clicking! Verify that URLs are affiliated with Carnegie Mellon before clicking email links to applications or login pages. Carnegie Mellon login pages display
  • Change your password if you log into public computers or through open WiFi networks.
  • Use a pass phrase instead of a password. It’s not as easy to guess, but usually easier for you to remember!
  • Don’t write your password down or record it in an unsecured location.
  • Avoid reusing previous passwords; password thieves know people recycle passwords!
  • Don’t use your Andrew password with other accounts (e.g., personal email, Facebook, Instagram, Pinterest).
  • Don’t use automatic login for your computer, browser or applications.

Added Security with Two-Factor Authentication (2fa)

The 2fa service provides an added layer of security to your Andrew userID and password. Increased password security provides a higher level of security for the systems and data you access. For this reason, university faculty, staff, and student workers are required to use 2fa. Other students and those with sponsored accounts are encouraged to enroll in 2fa for added identity and account security.

Learn more about 2fa and enroll

Personally Identifiable Information

Personally Identifiable Information (PII) is any information that may be used to distinguish or trace a person’s identity. Examples of PII include a Social Security Number (SSN); a driver’s license, passport or state ID; a birth date and place of birth; a mother’s middle and maiden names, and so on.

Some personal information may be on your computer, especially in personal correspondence or in downloaded bank statements. Passwords to sites that hold your most important personal data may be cached or in configuration files for convenience. This information is at risk if you lose your computer. Identity Finder software is available to faculty and staff to help you find PII on your computer, then securely encrypt or dispose of the data.

Be safe...

  • Limit what you share on social media sites.
  • Avoid providing personal information in response to an email, phishing attempt or phone scam (e.g., userID, password, SSN, credit card and bank account numbers).
  • Avoid providing your SSN number, personal, or financial information to individuals claiming to represent the IRS, your bank or service providers (e.g., phone company).
  • Do not open email attachments or links from individuals you do not know. They may contain malware designed to access information on your computer.
  • Avoid sending PII in an email.
  • Verify the identity and authority of anyone requesting PII by contacting them directly.
  • Shred all documents containing PII and avoid leaving documents with PII in plain sight.
  • Make sure your operating system and software are updated and antivirus software is installed on your computer.