Carnegie Mellon University

May 06, 2021

Celebrate World P@$$w0rd Day

May 6th is World Password Day, and it’s as good a time as any to ensure that your passwords are safe and secure. Due to the COVID-19 pandemic, more of our lives took place online this past year. Food delivery services, video streaming sites, grocery delivery apps, and online shopping accounts are just a few of the new digital services we used to help us through our seemingly never-ending days at home. While ordering a gourmet meal on the couch in pajamas is convenient, creating multiple new accounts can lead to risky password behaviors such as password reuse.

Reusing passwords is often the most common way hackers break into an account and steal personal data. When a person reuses a password across multiple sites and one of those services has a data breach that exposes passwords, all other accounts that use the same password become compromised. To help keep your new and old accounts secure, implement some of the password security tips below!

  • Enable 2FA for your accounts: Two-factor authentication (2FA) acts as an extra layer of security by requiring a second form of authentication. This way, if an attacker does manage to get hold of your password, they will still need the second factor, which is often a one-time passcode or facial/thumbprint recognition from a smartphone. Check the 2FA directory to see if your accounts have the option to enable 2FA.
  • Use a password manager: A password manager is a personal database of your passwords. It will generate random strong passwords for new accounts and store them securely so that you don’t have to. You only need to remember one master password which grants you access to your entire password database. Get started using password managers today!
  • Check on your accounts: If a company has a data breach where personal information such as passwords was exposed, the breach becomes public knowledge. Use the service haveibeenpwned.com to check if your email accounts have been compromised. When you enter your email address, the service will check to see if that email was associated with a company website where data was leaked. If there are any companies on that list, change your password on the company’s website and enable 2-factor authentication.

Visit the ISO’s Lock Down Your Login for more on password management. You can also try the Carnegie Mellon University CyLab Password Meter which provides real-time feedback on what makes a password secure. Since this is only a demo, please don’t type in your real password on the page.