Protect your PennKey

Protect your PennKey

Keep your password secure to avoid possible compromise of critical Penn systems, and to prevent others from accessing your personal information. With that in mind, you should take the following precautions:

Never share your PennKey password. Sharing your password gives others access to everything your PennKey gives you access to, such as grant financial information in GRAM or your GPA in PennInTouch. Once you share your password, you have lost control over how your account is used, you are still responsible for anything done using your PennKey. Sharing your password is also a violation of University policy. Check with your Local Support Provider for additional options.

Don't leave your password written on a post-it note or other piece of paper that is visibly displayed in your area.

Don't allow programs to save your password for you. Any one else who uses your computer could then access your information.

Avoid using the same password for multiple Penn systems or public web sites. Some systems do not secure your password. Contact your Local Support Provider to determine if you connect to any services or hosts that do not employ secure authentication.

Beware of anyone claiming to need your password; no Penn system administrator will ever ask you for your password.

Change your PennKey password immediately if you feel its security may have been compromised and report the incident to security@isc.upenn.edu. To learn more about how to change your password, see Changing a Known PennKey Password.

Be wary of web links in email, particularly in unsolicited email asking you to provide your password or any other kind of sensitive information. Even if a link in an email looks entirely legitimate, there is no guarantee that when you click on it, you will go to the website indicated in the email.

Before leaving a workstation unattended for any length of time, either lock the screen or quit your browser; otherwise, you risk having others using your account, forging messages in your name, inspecting or modifying personal information or confidential information to which you have access, etc.