Cybersecurity: Editorial Manager® System Password Protection

In today’s technology-driven world, professional and personal data security is imperative. Aries Systems is dedicated to supporting a safe and secure publishing experience for all users. In honor of October being National Cybersecurity Awareness month, Aries is highlighting the importance of password protection and EM/PM system functionality available to support this.

In addition to choosing strong passwords, Aries Systems highly encourages all EM/PM users to frequently change their passwords for all of their EM/PM accounts. Updating your password proactively and periodically helps assure that hackers are less successful in their forceful attempts to gain access to your account. Brute force hacking methods, also known as exhaustive search, rely on programmatic automation of trial and error password entry. Editorial Manager locks a user out after a certain number of failed password attempts in a set period of time to limit this sort of malicious use of the system, but it is always best to refresh your password to further guard your data.

Recommended best practices for password maintenance include:

  • Use unique passwords across your various accounts. For example, it is never a good idea to use the same username and password for your bank account as your EM/PM account.
  • Do not use your birth date, anniversary, or other important date as part of your passwords. This information tends to be publicly available or often shared in written statements, documents, email or text messages, etc. A hacker could gain access to your email and use these dates in conjunction with other context clues in your correspondence to gain access to your accounts.
  • Use a combination of mixed case, numeric, alphabetic, and symbols to create your password, for example use “P@$$woRd” instead of simply “password” – although, we highly recommend choosing a more unique word/set of words for their actual password!
  • While it may be convenient in the moment, never save your passwords to browsers when prompted, especially when sharing a computer with another individual. These saved passwords will make it easy for others to gain access to your account when using the computer on loan, through unauthorized virtual use, or in the event your device is lost or stolen.

In recent years, enhancements have been made to the EM/PM system to enforce more stringent passwords. For new users to complete registration, new users are required to enter in their password identically twice, must abide by all profile rules if the journal site has a Password Profile set, and select and answer security questions if the journal site has this enabled. Behind the scenes, Aries also implemented a salted-hash password approach, meaning passwords are stored as a coded algorithm (hash), and hashes are then randomized by appending a random string (salt) to the password to prevent security vulnerabilities such as two users having the same exact password with the same hash, and potential hacking opportunity using that consistency to break the hash.

For those who have not updated their password in some time, Aries strongly recommends that users update their password to comply with the new default password criteria to ensure your EM/PM accounts are less susceptible to hacking and account and email misuse. Aries also advises that unique passwords be used for each individual EM/PM account for different journals. To ease the burden of tracking and constantly updating different passwords for each specific journal site a user is affiliated with, Aries encourages users to take advantage of the ORCID Single Sign-on option if enabled by the journal. As a best practice, publishers should also be enforcing password changes as a part of their own policy for users.

For questions, please contact your Aries Account Coordinator.