Keeping Your PennKey and the Network Secure

It is essential that you keep your password secure to avoid possible compromise of critical systems on campus, and to prevent others from accessing your personal information. With that in mind, you should take the following precautions:

• Never share your PennKey password. Sharing your password gives others access to everything your PennKey gives you access to, such as grant financial information in GRAM or your GPA in PennInTouch. Once you share your password, you have lost control over how your account is used, though you are still responsible for anything done in your name. Sharing your password is also a violation of University policy. Review the information on alternatives to sharing or check with your Local Support Provider for additional options.

• Don't leave your password written on a post-it note or other piece of paper that is prominently displayed in your work area.

• Don't allow programs to save your password for you. Any one else who uses your computer could then access your information.

• Avoid using the same password for systems that transmit your password across the network in clear text. Some systems, such as versions of FileMaker Pro prior to version 7.0.9, do not secure your password. Contact your Local Support Provider to determine if you connect to any services or hosts that do not employ secure authentication.

• Don't use the same password for public Web sites (e.g., online bookstores, airlines, etc.) that you use with your PennKey. Rather, choose two passwords: your "public" password for use at public web sites and your "private" password for sensitive Penn systems.

• Beware of anyone claiming to need your password; no Penn system administrator will ever ask you for your password.

• Change your PennKey password immediately if you feel its security may have been compromised and report the incident to security@isc.upenn.edu. To learn more about how to change your password, see the Set/Reset Your Password page.

• Before leaving a workstation unattended for any length of time, either lock the screen or log out of the workstation and destroy any Kerberos tickets ; otherwise, you risk having others using your account, forging messages in your name, inspecting or modifying personal information or confidential information to which you have access, etc.