Safe Computing Best Practices

Here are some best practices to follow to stay safe and secure, and avoid becoming the victim of the next phishing scam.

Best Practice #1 - Change your passwords periodically

If you believe that you were the victim of a phishing scam, you should change your password immediately! Doing so will prevent the criminals from accessing your account. Even if you weren't the victim of a phishing scam, it's a good idea to change your passwords periodically anyway, though this is less important when using very long (15+ character) passwords.

Best Practice #2 - Create secure passwords 

Your passwords should contain a MINIMUM of 8 letters or numbers. The longer the password, the better. Avoid creating passwords that contain information that can be associated with you in some way (e.g. names of pets, names of children, social security numbers). Try using a passphrase instead of a password (e.g. "ILoveBostonCreamDonuts").

Best Practice #3 - Don't use the same password for everything

Many people use the same password for everything, which is extremely insecure. Think about it - if a hacker obtains your Buffalo State password, they won't just try to access your Buffalo State accounts. They'll also try to use these same credentials to access more lucrative sites, like an online bank account or a shopping website that might have your credit card information stored. By using different passwords for different sites, you limit the hacker to only "unlocking one door" if a password is stolen, rather than "unlocking all the doors."

Best Practice #4 - Don't use your Buffalo State email address to register for outside services

We recommend against using your Buffalo State email address to sign up for outside services such as shopping or social media accounts. In rare cases, a service may require a .edu email address to qualify. If you do use your Buffalo State email address for any outside services, do NOT also use your campus password.

Best Practice #5 - Avoid phishing scams

If you receive an email that looks suspicious, here are some things to help you determine if the message is legitimate or spam:

  • Examine the spelling and grammar. Phishing emails typically have misspelled words and poor grammar. 
  • Examine any hyperlinks in the message by hovering your mouse over them (without clicking). If the URL of the link doesn't match the description of the link, it might be leading you to a phishing site.
  • If the message is making threats - "failure to upgrade your email account will lead to the closure of your email account" - it's spam!
  • If the message is asking for personal information (e.g. SSN, password) it's spam!

When in doubt, just delete the message! Or, you can always forward the message to the IT Help Desk for examination.


Article ID: 39144
Sat 9/16/17 7:36 PM
Sun 8/28/22 12:41 PM