Salta al contenuto principale

Rules of conduct for password use

disegno di un lucchetto blu con un circuito elettronico sullo sfondo
The University never requests password verification by email. Please pay particular attention and protect your credentials in order to avoid phishing attempts (computer fraud aimed at obtaining confidential data).
How to protect yourself against phishing

Please carefully follow the simple rules below for password use (these apply both to members of the UniTo community and to individuals who upload data through the University portal applications).

General rules

  • Store your authentication credentials for accessing services with the utmost care and diligence
    (in the same way as you would handle a bank card PIN), and never share your passwords with other people, even at different times.
  • Change your password periodically (every three to six months) and use different passwords to access different portals and social networks.
  • Use passwords consisting of at least eight characters or, if the electronic system does not allow this, the maximum number of characters permitted.
  • Create passwords that do not contain information easily traceable to you, such as your first and last name or those of family members, tax code, student ID number, date of birth, mobile phone number, etc.
    Use a combination of uppercase and lowercase letters, numbers, punctuation marks and non-alphabetic characters (e.g. ! $ # or %).
  • Immediately notify the University of Turin of any unauthorised use of your user ID (username) and password, or any other IT security breach, by opening a ticket on the UniTo Service Desk.

Users assume full responsibility for all activities carried out through the services and undertake to indemnify and hold harmless the University of Turin from any claims, demands or threats related to or arising from the use or misuse of their access to the services.

All operations performed using passwords are the sole responsibility of the user.

Rules for users performing data entry activities

Individuals performing data entry activities are aware that they are:

  • responsible for all operations carried out using their password;
  • bound by confidentiality obligations with regard to the work processes in which they are involved;
  • required to comply with the following obligations:
    • not to disclose externally any information relating to the Administration;
    • not to disclose its production methods or use them in any way that could cause damage or prejudice;
    • not to extract a copy of the database or copy any part of it, unless specifically authorised in writing by the responsible officer.

RELATED CONTENTS