Keeping Your PennKey and the Network Secure
It is essential that you keep your password secure to avoid possible
compromise of critical systems on campus, and to prevent others
from accessing your personal information. With that in mind, you
should take the following precautions:
Never share your PennKey password. Sharing your password
gives others access to everything your PennKey gives you access
to, such as grant financial information in GRAM or your GPA
in PennInTouch. Once you share your password, you have lost
control over how your account is used, though you are still
responsible for anything done in your name. Sharing your password
is also a violation of University policy. Review the information
on alternatives to sharing or check
with your Local Support Provider for additional options.
Don't leave your password written on a post-it note
or other piece of paper that is prominently displayed in your
Don't allow programs to save your password for you. Any
one else who uses your computer could then access your information.
Avoid using the same password for systems that transmit
your password across the network in clear text. Some systems,
such as versions of FileMaker Pro prior to version 7.0.9, do not secure your password. Contact your
Local Support Provider to determine if you connect to any services
or hosts that do not employ secure authentication.
Don't use the same password for public Web sites (e.g.,
online bookstores, airlines, etc.) that you use with your PennKey.
Rather, choose two passwords: your "public" password
for use at public web sites and your "private" password
for sensitive Penn systems.
Beware of anyone claiming to need your password; no
Penn system administrator will ever ask you for your password.
Change your PennKey password immediately if you feel
its security may have been compromised and report the incident
To learn more about how to change your password, see the Set/Reset
Your Password page.
Be wary of web links in email, particularly in unsolicited email asking
you to provide your password or any other kind of sensitive information. Even
if a link in an email looks entirely legitimate, there is no guarantee that when
you click on it, you will go to the website indicated in the email.
Before leaving a workstation
unattended for any length of time, either lock the screen or log out of the workstation and
destroy any Kerberos tickets ; otherwise, you risk having
others using your account, forging messages in your name, inspecting
or modifying personal information or confidential information
to which you have access, etc.