About Password Security Questions
Password security questions are a common form of online account management utilized by banks and businesses. By answering security questions correctly, users are given the chance to change a password that’s been forgotten.
As part of its online CWRU Network ID account management process, University Technology requires all users to select and answer a series of security questions at the time that an account is activated. Users are prompted to answer those security questions again to execute a Password Reset (if a password is forgotten).
Although password security questions make it convenient for users to re-establish access to an account, using questions with easily guessed answers heighten the risk of breach. Social accounts, blogs, search engine results and news/media resources are all open to malicious actors (e.g., "mother’s maiden name" found in social media or search results, birthplaces may be located in searchable government records).
Use security questions to store extra passwords instead of actual answers to reduce the risk of loss or abuse by a breach of CWRU Network account credentials. If you answer these questions honestly, the information may be easily located using social networking tools or Google.
Passwords used in the place of security question answers should be difficult to guess. To help you remember your passwords, consider using a password management database such as KeePass (keepass.info).
Characteristics of an effective password
- At least eight alphanumeric characters long. The suggested length is 12-15 characters.
- Is a passphrase. For example, "Ohmy1stubbedmyt0e."
- Consists of at least three of these four categories: lowercase letters, UPPERCASE letters, numbers (0-9), punctuation special characters (!@#$%^&*()_+|~-=\`[ ]:";'<>?,./)
- Not a word in any language, slang, dialect, jargon, etc.
- Not based on personal information, names of family, does not resemble your Network ID, or other information that could be guessed.
- Easy for you alone to remember. Use the basis of something you know well, such as a song title, affirmation, or other phrase. For example, the phrase “this is my password” could be transformed into “Th!$!$m/P@&&wrd”
Reassign your password security questions
To reassign your password security questions visit the Password Security Question Settings page. Select a security question from the Question dropdown box and enter the answer into the Answer and Re-Type Answer fields. Finally, click on the Submit button.
Determine if your password has been breached or reset
If you find you can neither log in with your password nor change your password using the UTech Password Change page, someone may have guessed and reset your password in order to gain access to your CWRU Network account.
What to do if your password has been breached
Call the UTech Service Desk at 216.368.HELP (4357) to report the account compromise. The Service Desk staff will help you reset your password.
Once your password has been changed, log in to the CWRU Network and change your security questions using the Password Security Question Settings page. If you use your CWRU password for other websites or applications (e.g., facebook, banking, etc.), change those passwords and security questions also.