With the upgrade to WordPress 3.0 and the future rollout of MyCarletonOne single password solution, the new combined security functionality requires your attention in protecting your passwords by not allowing your web browser to remember your password details and by clearing your browser memory of any stored passwords. The MyCarletonOne password will apply not only to the CCMS but to all CCS services such as wireless, CUNET and Outlook/Exchange Email.
Clearing Saved Passwords
Browsers have a good memory which could be a good thing in terms of remembering the addresses of your frequently-visited sites, but pose a security risk when storing login and password details. In a past blog post about web security, we discussed that one of the ways you can help keep our network secure is by keeping your user name and password a secret. This also includes keeping it a secret from memory-happy browsers.
When entering your login details on the Carleton CMS login page, you have the option of selecting the Remember me check box to allow CCMS to store your user name and password and to pre-populate these fields the next time you login.
If you are logging into CCMS from your private work computer, you can select the Remember Me check box provided that you establish a secure working environment which includes never letting others use your computer and logging off of your computer or locking your desktop (by selecting Ctrl-Alt-Delete>Lock Computer) whenever you leave your desk. If you have selected the Remember Me option, when your web site is upgraded to WordPress 3.0 and again when you change to the MyCarletonOne login, you must remember to complete the Clearing Browser Memory procedures in this guide to clear your browser memory of all saved password data.
If you are logging into CCMS from a public computer (for example, at the library), never select the Remember Me check box. As a University-wide security best practice, never allow browsers to save confidential login details on a shared computer. Whether you are working on your web site or are doing online banking, allowing browsers to save your passwords is not good security practice. To avoid having your passwords saved on a public computer, always click No when your browser prompts you to save your login details.
By default, most browsers are set to remember passwords for sites. We recommend turning this option off by completing the following steps:
For Firefox
- From the Firefox toolbar, select Tools > Options.
- Deselect Remember passwords for sites in the Options window.
- Click on the Saved Passwords button in the Options window and review the list to see if any passwords have been saved for sites you have visited. We recommend clearing this list by selecting Remove All.
For Internet Explorer
You can clear your stored passwords while clearing your browser memory by completing the procedure in the following section.
Clearing Browser Memory
In addition to passwords, browsers store all of your browsing data such as visited sites and cookies in an area called a cache. Browsers tend to access cached data instead of retrieving new data which causes problems when updating passwords. When changing to the new MyCarletonOne single sign-on system, you will need to change your password every 120 days. In this case, it is extremely important to clear your browser’s stored (cached) data so that your browser does not try to use your old login credentials. It is best practice to clear your browser history after you change your MyCarletonOne password and remember to follow this process every password change cycle. Clear your browser memory by completing the following steps:
You have now successfully brainwashed your browser and deleted your stored passwords and browser data maintaining a secure web environment. Stay tuned for future announcements on the WordPress 3.0 upgrade and MyCarletonOne.