General Security Tips
Here is a short list of tips for keeping your accounts, especially on
UNIX or VMS computers, secure. You may use an Apple Macintosh or Windows on a
PC every day, but if you have an account on a UNIX computer (for example, to
read mail with Eudora), then the following tips apply to you.
It is your responsibility to keep your accounts secure no matter
how unimportant you may consider the files stored in them. A hacker may
break into your accounts and use their privileges to harm other people.
Your Own Accounts
- Never leave an account without a password
- Change your passwords on a regular basis (once a month)
- Use a different password for each organization in which you have an
account to prevent security problems in one place from spreading to another
- If you can't remember all of your passwords, write them down on a small
piece of paper (but not with the names of the computers for which they are
valid). Put them in your wallet with your cash so you'll keep them safe.
Leave a copy at home in case your wallet is stolen.
If you make this a habit, you won't be tempted to use just one password on
all of your accounts. IT IS NOT THAT HARD. PLEASE USE A VARIETY OF PASSWORDS.
- Choose good (i.e. unguessable) passwords featuring both numbers and letters
- Never give your password or other account information to anyone
over the phone. It is an old trick to call someone up, pretend to
be some real person having to do with computer management within your
organization (easy to determine from phone books and web pages), and
ask you in a confident way for your password.
- Ask your systems administrator to create groups and make files
group-writable to avoid needing world-writable files and directories
- Don't leave yourself logged in unless you lock your screen with a
password-protected program
- Ask that your accounts be deleted when they are no longer needed
- Never share accounts with other people. It makes it impossible to
keep track of who is doing what where.
- Give sealed envelopes to trusted people if they may need your password
in an emergency while you are absent. When the envelope is opened and the
password used, a new password is assigned and the process is repeated.
- Do not let your programs save your password. That way nobody can sit
at your computer and access your accounts without first giving a password.
Using Accounts Across Networks
- Always use ssh or slogin when connecting to a remote machine
so your password and keystrokes will be encrypted
- Use scp instead of ftp so your password and files will be encrypted
- Don't use .rhosts files
- Use IMAP mail-reading clients instead of POP ones
Files
- Learn how to inspect and change the protection permissions on files on your computer
- Consider storing sensitive files on a removable disk (e.g. Zip or Jaz),
ejecting it and locking it up at the end of the day.
- Make regular backups of your files to removable media. Store them
away from your computer in case a water pipe bursts overhead.
- Consider using an encryption tool for sensitive files. UNIX users
can use crypt. Be careful not to lose your key or the file will be lost!
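The permission tips in this section (inspect and change file protections), the group-writable suggestion under "Your Own Accounts" and the .rhosts warning under "Using Accounts Across Networks" can be carried out with standard ls, find, chmod and umask commands. The script below is an added example, not part of the original tips page: it builds a throwaway directory with deliberately bad permissions (the file names and contents are constructed for the demonstration), counts the world-writable files and .rhosts files in it, fixes them, and shows how umask keeps new files private. The function names are this example's own.

```shell
#!/bin/sh
# Added example: audit a home directory for the problems the Files tips warn
# about, then fix them. The sample directory is constructed for the demo.

# Build a throwaway directory with deliberately bad permissions.
make_sample_home() {
    dir=$(mktemp -d)
    printf 'draft grades\n' > "$dir/notes.txt"
    chmod 666 "$dir/notes.txt"        # world-writable: anyone on the machine can alter it
    printf 'otherhost alice\n' > "$dir/.rhosts"
    chmod 644 "$dir/.rhosts"          # rlogin trust file: the tips say not to use these
    mkdir "$dir/shared"
    chmod 777 "$dir/shared"           # world-writable directory
    printf 'lunch plan\n' > "$dir/plan.txt"
    chmod 644 "$dir/plan.txt"         # readable by all, writable only by the owner: fine
    printf '%s\n' "$dir"
}

# Inspect: ls -l shows the mode string, e.g. -rw-rw-rw- for mode 666.
show_permissions() {
    ls -ld "$1"/* "$1"/.rhosts 2>/dev/null
}

# Count files and directories that any user on the machine may write to
# (-perm -002 tests the "other write" bit; symlinks are skipped).
count_world_writable() {
    find "$1" -perm -002 ! -type l | wc -l | tr -d ' '
}

# Count .rhosts trust files; the target is zero.
count_rhosts() {
    find "$1" -name .rhosts -type f | wc -l | tr -d ' '
}

# Fix: drop the world-write bit everywhere. If other people really need
# write access, give it to a group instead (chgrp GROUP FILE; chmod g+w FILE)
# rather than to the whole world.
fix_world_writable() {
    find "$1" -perm -002 ! -type l -exec chmod o-w {} +
}

# Fix: remove .rhosts trust files; use ssh for remote logins instead.
remove_rhosts() {
    find "$1" -name .rhosts -type f -exec rm -f {} +
}

# Prevention: with umask 077 a new file is created readable and writable by
# its owner only. Prints the resulting octal mode (GNU stat, then BSD stat).
create_private_file() {
    (umask 077 && : > "$1")
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Walk through the whole procedure when run as:  sh perms-audit.sh demo
if [ "${1-}" = "demo" ]; then
    home=$(make_sample_home)
    echo "before:"; show_permissions "$home"
    echo "world-writable: $(count_world_writable "$home"), .rhosts files: $(count_rhosts "$home")"
    fix_world_writable "$home"; remove_rhosts "$home"
    echo "after:"; show_permissions "$home"
    echo "world-writable: $(count_world_writable "$home"), .rhosts files: $(count_rhosts "$home")"
    rm -rf "$home"
fi
```

On the sample directory the audit reports two world-writable entries (notes.txt and the shared directory) and one .rhosts file; after the fix both counts are zero, and a file created under umask 077 comes out with mode 600.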
X Windows
- Use xauth instead of xhost to control access to your X Windows display.
(Ssh automatically does the xauth work for you.)
Stay Informed
- Watch out for suspicious activity by other users around you. If you
see an account being shared, tell the systems administrators and the owner
of the account immediately.
- Report anything that makes you think your account is being used by
someone else
- Read security messages when they are sent out by AUTHORITATIVE sources.
(Any message that tries to make you panic and claims to be from some vague
powerful-sounding group ("We are the FBI") is a hoax.)