Creating a strong password is an essential step to protecting yourself online. Using long and complex passwords is one of the easiest ways to defend yourself from cybercrime. No citizen is immune to cyber risk, but #BeCyberSmart and you can minimize your chances of an incident.

Simple Tips

Creating a strong password is easier than you think. Follow these simple tips to protect yourself online:

  • Make your password eight characters or longer. Create a password with eight characters or more and a combination of letters, numbers, and symbols.
  • Use a long passphrase. Use a passphrase such as a news headline or even the title of the last book you read. Then add in some punctuation and capitalization.
  • Don’t make passwords easy to guess. Do not include personal information in your passwords, such as your name or pets’ names. This information is often easy to find on social media, making it easier for cybercriminals to hack your accounts.
  • Avoid using common words in your password. Instead, substitute letters with numbers and punctuation marks or symbols. For example, @ can replace the letter “A,” and an exclamation point (!) can replace the letters “I” or “L.”
  • Get creative. Use phonetic replacements, such as “PH” instead of “F,” or make deliberate but obvious misspellings, such as “enjin” instead of “engine.”
  • Never share your password. Don’t tell anyone your passwords, and watch for attackers trying to trick you into revealing your passwords through email or calls.
  • Unique account, unique password. Use different passwords for different accounts and devices so that if attackers guess one password, they will not have access to all your accounts.
  • Use stronger authentication. Always opt to enable stronger authentication when available, especially for accounts with sensitive information, including your email or bank accounts. A stronger authentication helps verify a user has authorized access to an online account. For example, it could be a one-time PIN texted to a mobile device, providing an added layer of security beyond the password and username.

If you have questions about your account security or want information on how to stay safe online, please visit IS&T’s security website. If you wish to change or update your Chapman University account password, please visit


Thank you,

Chapman University IS&T

Follow IS&T on Instagram and Twitter: chapmanu_ist


For each of the four weeks of Cybersecurity Awareness month, we will be having a weekly “challenge” to earn cool prizes! Anyone who completes the weekly challenge will be entered into the raffle for that week’s prize. To finish with a BANG, at the end of the month, all submissions will be pooled together for a grand prize. To increase your chances of winning the grand prize, complete the challenge for each of the four weeks to earn a total of 4 entries!


  • The winner of each week’s prize will be randomly selected from all entries for that challenge.
  • The winner must be a Chapman staff/faculty/student, and submissions will only be accepted coming from their Chapman email address.
  • Winners will be selected and notified in early November. Winners have 1 week to “claim” their prize, or another winner will be selected.

How to win:

  1. Complete this week’s challenge – Cybersecurity Scavenger Hunt
  2. Email some confirmation of completion (screenshot, print screen, your answers)
  3. Use the following subject line: CSAM – Week 2

That’s it! We hope to hear from all of you, and good luck!

Week 2 Challenge – Scavenger Hunt

Prize: JBL Tune Wireless In-Ear Noise Cancelling headphones

Directions: Visit the following Chapman websites and search for the answers on the pages. Then email your answers!

  1. What is posted on this page?
  2. What 4 items should you notify IS&T about when you become aware of them?

  1. What percent of cyber-attacks use a combination of phishing and hacking?
  2. The Online Training and Awareness Program has representation from which departments?
  3. What should you do immediately if you put in your username and password into a phishing campaign?

  1. Which types of scams involve bounced checks?
  2. Which type of scam involves an impersonation email asking for a “favor” because they are unavailable to do so themselves?