Password is the first line of defence against cyber-attacks. Keeping your password safe and secure is very important. If your password is compromised/ disclosed to someone else, your identity, personal information and valuable data can be stolen. Once someone knows your account password, your account can also be used in illegal activity.

How Passwords are Cracked?

Source: https://www.ncsc.gov.uk/information/infographics-ncsc

To protect your account from password compromised, ICTO strongly recommends to secure your password with the following methods:

Change Initial Password

Once you receive the initial password, please change your password immediately via ICTO Account Information Page: https://account.icto.umac.mo

Never Disclose your Password

In all circumstances, you should keep your account password secret, and SHOULD NOT disclose to others (including any system administrators), so as to avoid someone from stealing your data or identity to commit a crime. Once your identity has been stolen, you are advised to reset account password immediately.

Change your Password Regularly

We suggest you to change the account password regularly, at least once a year.

Use a Complex Password

A complex password should contain:

  • Password length of 8 to 15 characters.
  • Mix capital and lower-case letters.
  • Include number and/or punctuation marks such as ` ~ ! # $ % ^ & * ( ) _ + – { } | [ ] \ : ” ; ‘ ? , ./p>
  • Include similar looking substitutions, such as the number “0” for the letter “O” or “S” for the symbol “$”.
  • Non-meaningful password. Avoid using meaningful password such as your birthday, ID number, or name, etc.

An easy and complex password can be formed by:

  • Using the first character of each word in a phrase as the password. For example, “Lilaboc” stands for “Life is like a box of chocolate”.
  • Mixing letters and numbers such as “h0o3m0e2” (mixing “home” and “0302”), or mixing some special characters such as “L1!ab0(,” (mixing some characters with “Lilaboc,”).

DO NOT Save Password on Internet Browser

You should not save password on Internet browser, and should disable the related features before using the browser.

DO NOT Respond to Phishing Mail

Please DO NOT RESPOND to the email which seems to be sent by ICTO. These kinds of emails are purposely asking for your user name and password. ICTO will NOT ask you for this information through email or webpage. If you have responded to the suspicious email accidentally, you are advised to reset your password at once. Please DO NOT click any link in an email without careful verification, as it may link to malicious software.

For more information about how to prevent phishing attacks, please refer to previous article: https://newsletter.icto.um.edu.mo/please-prevent-phishing-attacks/

Remember to Log out Computer after Using in Public Area

After using the computer provided at public areas such as libraries or hotels, please remember to log out the computer immediately after use. If possible, it is better to restart the computer.

Account Compromised

In case we detected any abnormal activity on your UM account, we will disable your account temporarily to minimize your loss and provide you with assistance as soon as possible.