HomeLISIT security

IT security

Your UHI username and password


Access to UHI services is controlled through the use of a username and password.  When you join UHI you will be given a unique student ID. This is usually a six or eight digit number (e.g., 123456, 12345678). This student ID is also your UHI username.  It may also be referred to as your UHI user ID or UHI ID.  You should be advised of your default password during enrolment or induction. You should change your password from the default as soon as possible. This can be done using a college PC. Press ctrl+alt+delete and you will see an option to change password.  Alternatively this can be done by logging into MyUHI and going to 'Settings' beside 'Log off'.

Our systems use the combined UHI username and password to verify who you are and what you are entitled to access.  Any activities carried out in our systems will be attributable to the UHI username that has logged into the system, so it is extremely important that you do not allow anyone to have access to your account details as you will be responsible for any activities undertaken with your UHI username.  It is therefore your responsibility to ensure that your password remains secure and is only known by you.

The following steps can be undertaken to ensure your password details remain secure;

  • Change your password from the default password you are provided
  • Don’t tell anyone your password
  • Don’t write your password down
  • Don’t include your password in an email (even to your local IT support or the UHI Servicedesk)
  • If you think someone knows your password, change it
  • Change your password regularly
  • Don't use the same password for different external services
  • Ensure you create a strong password

Only you know your password, even the members of local ICT support and UHI Servicedesk can’t see what it is.

A strong password is one that is hard to guess, there are a number of ways to ensure the password you create will help your account details stay secure;

  • Length - we would advise not setting passwords that are less than 6 characters
  • Words - try not to use proper words, automated hacking programmes will also try common misspellings, words spelt backwords and words with obvious digit substitutions, e.g., using a 5 instead of an S. Random combinations are the most secure.
  • Variation - the most secure passwords have a combination of letters and numbers, lower and upper case
  • Don’t reuse a password, reusing also covers changing a number at the end to make it unique,

However watch you don’t make your password so hard to guess that you can’t remember it!  A method of creating a hard to guess but easy to remember password is to use the first letters of a favourite quote, name, film or song.  For example “To the uneducated, an A is just three sticks.“ (A. A. Milne) would become TtuaAij3s. (but please don’t use this one, as its written down!)

Even a strong password can eventually be guessed if it has been used for a long period of time. It can be hard to choose and remember a strong password, this YouTube video might help!

It can be difficult to keep track of passwords, we'd recommend that staff and students think about using an external password management service, such as KeePass, LastPass or 1Password. These services are external to UHI, there may be a charge for using or installing the service.

Please contact the UHI Servicedesk if you forget your password and it can then be reset, see Getting Help for details.

Occasionally you may receive emails which ask you for your account and password details. You should be cautious of any unexpected email you receive that asks for this type of detail, as these are often phishing emails. These emails are an attempt to get your UHI username and password details so that your personal information can be stolen.

Often these emails look genuine and will have text along the lines of your email account will be suspended unless you reply with details of your account and password.

Before replying to any message such as this, please check the sender email address, if its not from an @uhi.ac.uk account you should be wary.  Also please bear in mind that the UHI Servicedesk will never ask you for your password details.  Any planned work to our systems will be sent out over email but we will also post details on this website (www.uhi.ac.uk/lis under Service Announcements).  If you are at all unsure about information you are being asked to provide please call the Servicedesk to confirm. If you think you have accidentally supplied your information please contact the UHI Servicedesk to have your password reset.

If you are sent emails with website links in them, check that the link appears goes to a UHI based site. These generally have uhi.ac.uk in the link name, e.g, https://webmail.uhi.ac.uk

Most UHI websites that asks you for a login should be secure sites, you can tell this by the s in https in the address bar, and there will usually be a padlock shown on your web browser software.  Incorrect spelling, odd looking graphics or strange website names can sometimes be a give-away on fake sites, but many look very professional.

 

General  Identity Security

Incidents of Social Engineering and Identity Theft are generally on the rise.  Posting certain types of information about yourself publically online can assist fraudsters.

You should guard against making the following pieces of information available generally online;

  • Your full name
  • Your full address (and post code)
  • National insurance number
  • Date of birth
  • Telephone number
  • Mothers maiden name
  • Birthplace
  • Current place of study/work
  • Recent addresses

Having up to date security software on your PC or laptop will also help keep your information secure.  The equipment provided for you at your college site will have Anti-Virus software, Spy/Adware and local firewall software installed, but you need to ensure that your equipment has these installed and that they are kept up to date as new viruses are released all the time.  Some of the new security software will even alert you to sites that may be fake. UHI have a campus agreement for the Sophos anti-virus software, you can request this software by us

When you use shared computer equipment, such as the college PCs or internet café PCs, you should always ensure that you log out at the end of your session.  If you pop away from the computer then lock the session by pressing ctrl+alt+del, then your password will be required to access your session. Many internet browsers have the capacity to store local password information. When using shared resources you should always answer No to any prompt asking if you wish to save your password details.

If you have a Wi-Fi connection at home make sure that this is secured.  Your Wi-Fi manual should provide you with instructions on a couple of easy changes which should make your setup more secure; such as how to change the administrative password for the device and enable WPA/WEP encryption.

Security Week Tips

Here are some of our top tips:

1.    Be aware that you are an attractive target to hackers. Don’t ever say “It won’t happen to me.”
2.    Practice good password management. Use a strong mix of characters, and don’t use the same password for multiple sites. Don’t share your password with others, don’t write it down, and definitely don’t write it on a post-it note attached to your monitor.
3.    Never leave your devices unattended. If you need to leave your computer, phone, or tablet for any length of time—no matter how short—lock it up so no one can use it while you’re gone. If you keep sensitive information on a flash drive or external hard drive, make sure to lock it up as well.
4.    Always be careful when clicking on attachments or links in email. If it’s unexpected or suspicious for any reason, don’t click on it. Double check the URL of the website the link takes you to. Think you can spot a phony website? Try this Phishing Quiz.
5.    Sensitive browsing, such as banking or shopping, should only be done on a device that belongs to you, on a network that you trust. Whether it’s a friend’s phone, a public computer, or a cafe’s free WiFi  your data could be copied or stolen.
6.    Back up your data regularly, and make sure your anti-virus software is always up to date..
7.    Be conscientious of what you plug in to your computer. Malware can be spread through infected flash drives, external hard drives, and even smartphones.
8.    Watch what you’re sharing on social networks. Criminals can befriend you and easily gain access to a shocking amount of information such as where you study, where you work, when you’re on holiday which could help them gain access to more valuable data.
9.    Offline, be wary of social engineering, where someone attempts to gain information from you through manipulation. If someone calls or emails you asking for sensitive information, it’s okay to say no. You can always call the company directly to verify credentials before giving out any information, but if they've called you on your landline, be sure to use a different phone to call back as a landline might be connected to the original caller for up to 10 mins after you hang up.
10.   Be sure to monitor your accounts for any suspicious activity. If you see something unfamiliar, it could be a sign that you’ve been compromised. If you think your university account has been compromised please speak to the .

Getting help

The UHI Servicedesk is your first point of contact for any queries. The service is open from 0900 – 1700 Monday to Friday and can be contacted a number of ways;

Telephone: 01463 279150

Email: 150@uhi.ac.uk or servicedesk@uhi.ac.uk

Web: www.uhi.ac.uk/servicedesk

Some useful sites:

http://www.getsafeonline.org
http://www.microsoft.com/protect/default.aspx

http://www.cifas.org.uk/

http://support.apple.com/kb/ht1222

http://www.ico.gov.uk/Youth/section2/intro.aspx

Acceptable Use Policy

Academic Partner staff and students should also refer to the Summary of the Acceptable Use Policy.pdf

Staff and Students should be aware that when working from a UHI connected site that you must also comply with the JANET Acceptable Use Policy.