Think of passwords as the guardians of your digital fortress. Just as you protect your physical keys, safeguarding your passwords is paramount. 

Dealing with password creation, storage, and recollection can be a hassle in our online lives. However, it is crucial to recognize that passwords are the initial barrier against cyber threats and data breaches. Moreover, user-friendly, free password managers have made password management more convenient than ever. By dedicating a few moments to this task today, you can ensure your online safety for the long haul. 

No matter what accounts they protect, all passwords should be created with these three guiding principles in mind: 

  • Long: The National Institute of Standards and Technology (NIST) — the Commerce Department section tasked with developing cyber security best practices for the federal government, recommends a long password, with a minimum of fourteen characters.
  • Unique: Each account needs to be protected with its own unique password. Never reuse passwords. This way, if one of your accounts is compromised, your other accounts remain secure. We are talking really unique, not just changing one character or adding a “2” at the end – to really trick up hackers, none of your passwords should look alike.
  • Complex: Each unique password should combine upper-case letters, lower-case letters, numbers, and special characters (like >, !?). Again, remember each password should be at least 12 characters long. Some websites and apps will even let you include spaces.

How often do I need to change my password?

If you have created a long, unique, and complex password, our advice is that there is typically no need to alter it unless you have reason to believe that an unauthorized individual has gained access to your account or your password has been compromised in a data breach. 

Traditionally, cybersecurity experts urged frequent password changes every few months. However, this practice is not beneficial when your passwords are already robust, long, unique, and complex. In fact, frequent password changes can inadvertently lead to issues such as reusing old passwords or developing a habit of crafting similar, weaker passwords.

But remembering my passwords is hard! 

Chances are, you have many online accounts, each requiring its own distinct password. While this might result in many passwords, it is essential to understand that employing long, unique, and complex passwords remains the most effective strategy for safeguarding all your digital accounts. 

Fortunately, in the present day, numerous free and user-friendly tools are available to simplify the management of your extensive collection of unique passwords. The reality today is that you no longer need to commit all your passwords to memory. With the latest tools at your disposal, there is no need to strain your memory each time you encounter a login screen. Instead, you only need to recall a single password that grants access to your password manager vault. 

If you receive a suspicious email in your Chapman account, do not click on any link or reply to the sender. Instead, please continue to report any malicious message by forwarding it as an attachment to To see the latest trending scams, please visit

Stay vigilant, stay safe!  

Chapman University Information Systems & Technology (IS&T)


For each of the four weeks of Cybersecurity Awareness month, we will have a weekly “challenge” to earn cool prizes! Anyone who completes the weekly challenge will be entered into the raffle for that prize.


  • The winner will be randomly selected each week.
  • The winners must be Chapman staff/faculty/students, and submissions will only be accepted from their Chapman email address.
  • Only responses submitted from a Chapman University Email address are accepted.

How to win:

  1. Complete the week’s challenge and take a screenshot of your final score.
  2. Email and include some confirmation of completion (screenshot, print screen, your answers)
  3. Use the following subject line: “CSAM – Week 2.”

Week 2: Scavenger hunt; visit the web pages below and answer the corresponding questions.

    1. What is this page used for?
    2. What 4 items should you notify IS&T about when you become aware of them?

    1. How can you protect yourself from quishing?
    2. A Chapman University email will NEVER ________
    3. What should you do immediately if you put your username/password information into a phishing campaign?

    1. Which types of scams involve bounced checks?
    2. Which type of scam involves an impersonation email asking for a “favor” because they are unavailable to do so themselves?
    3. How do sextortion emails work?


  • 1st prize: Instax Camera
  • 2nd prize: Moon Lamp
  • 3rd prize: T-shirt (limited sizes)

That’s it! We hope to hear from all of you, and good luck!