Security recommandations

Passwords

Recommendations

• minimum of 15 characters

• mix numbers, symbols, lower-case and upper-case letters

• 1 account = 1 password – especially for sites that present a sensitive nature like bank, messaging, social network, etc.

• use this government website to assess the strength of any password

• use a password manager

• use 2FA wherever possible (see below)

• never text or email your passwords

• if you give access to your account to someone, then change your password

• be on the lookout for phishing / SPAM, and do not click on links you have not verified (even unsubscribe links)

Warning

No-one should ask you for your password, even someone from IT.

In the event of a compromise, please quickly notify IT at https://supportapc.in2p3.fr/

2FA - Two-Factor Authentication

Whenever a website allows it, opt-in for the two-factor authentication to strengthen your accounts.

There are three types of 2FA

• knowledge - something only the user knows: code PIN, password etc.

• possession - something only the user has: token key, telephone (sms), card, etc.

• inherence - something only the user is: fingerprint, face, voice, iris recognition

Backup

Backup your data regularly and avoid travelling with your backup disks.

There are also solutions to backup your computer at APC over the network :

• https://apc.u-paris.fr/APC_CS/fr/intranet/sauvegarde-des-portables

• https://apc.u-paris.fr/APC_CS/fr/intranet/serveur-de-fichiers-apchome

Useful links

• Best practices guide – from the French Cybersecurity Agency

• Compute password strength – from the French government

• Multifactor authentication – from the French government