Guidelines to Password Selection and Maintenance
Passwords should be hard to guess. This means that passwords or components of passwords should meet the following criteria:
- Don't use your login name in any form (as-is, reversed, capitalized, doubled, etc.).
- Don't use names of persons, pets, places or things significant to you in any form.
- Don't use numbers significant to you or someone close to you: phone numbers, birth dates, license numbers, etc.
- Don't use any name, number, place or other item associated with the University.
Passwords should be as immune as possible to attack by password cracking programs. This means that passwords or components of passwords should meet the following criteria:
- Don't use a word contained in English or foreign language dictionaries, place names, and proper nouns.
- Don't use passwords of all the same letter.
- Don't use passwords based on simple keyboard patterns, such as ghjkl;' or qwerty.
- Don't use any of the above reversed or followed/prepended by a single digit.
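The login-name rule and the cracking-program rules above can be checked automatically when a password is set. The following is an added example, not part of the original guidelines; the function names are hypothetical, and the word list and keyboard rows are small constructed samples standing in for a full dictionary.

```python
# Constructed sample data (assumption): a real deployment would load a full
# dictionary, place names and proper nouns instead of this short set.
SAMPLE_WORDS = {"dragon", "paris", "welcome", "university"}
KEYBOARD_ROWS = ["1234567890", "qwertyuiop", "asdfghjkl;'", "zxcvbnm,./"]


def _cores(password):
    """Lower-cased password plus variants with one leading/trailing digit removed."""
    p = password.lower()
    cores = {p}
    if len(p) > 1 and p[0].isdigit():
        cores.add(p[1:])    # "prepended by a single digit"
    if len(p) > 1 and p[-1].isdigit():
        cores.add(p[:-1])   # "followed by a single digit"
    return cores


def _on_keyboard_row(s):
    """True if s is a run of at least 4 adjacent keys on one keyboard row."""
    return len(s) >= 4 and any(s in row for row in KEYBOARD_ROWS)


def weaknesses(password, login, words=SAMPLE_WORDS):
    """Return the sorted list of guideline rules the candidate violates."""
    login = login.lower()
    found = set()
    for core in _cores(password):
        for cand in (core, core[::-1]):   # as typed, and reversed
            if cand in (login, login * 2):  # as-is, capitalized, doubled
                found.add("login name")
            if cand in words:
                found.add("dictionary word")
            if len(set(cand)) == 1:
                found.add("single repeated letter")
            if _on_keyboard_row(cand):
                found.add("keyboard pattern")
    return sorted(found)


if __name__ == "__main__":
    for pw in ["Jsmithjsmith", "nogard7", "ghjkl;'", "IXdKKaspdd"]:
        print(pw, "->", weaknesses(pw, "jsmith") or "no listed weakness found")
```

An empty result only means none of these mechanical rules matched; names, dates and other items significant to the user cannot be detected this way.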
To construct a better password we recommend the following guidelines. Remember that the password should be easy to remember.
- Use a password with unusual capitalization.
- Use a password with nonalphabetic characters, e.g. numbers or punctuation, if your system allows them.
- Choose a line from a book, poem or song or generate a sentence you will remember. Use the first letter of each word to generate the password. For example, "In Xanadu did Kubla Khan a stately pleasure dome decree" could become "IXdKKaspdd".
- Concatenate words or parts of words. For example:
(a) dog + rain becomes "dog:rain" or better "doG:raiN",
(b) the + dog becomes "the1dog" or better "the1Dog=",
(c) my + ninety + books becomes "my9tybooks" or better "mY9tyBooks".
- Embed or interleave two or more words. This technique is not for everyone. Embedding and interleaving come easily to some people, but others find the combinations impossible to remember easily. For example:
(a) kitten + dog becomes "kitdogten" or better "kiTdogTen",
(b) cat + dog becomes "cdaotg" or better "cd8ao;tg".
Once selected, your password should not be recorded anywhere either on paper or in a computer file.
Do not share your password with anyone. Anyone who needs access to the system will be given their own account.
Change your password regularly. Users are required to change their passwords every 90 days.
If you believe that your password has been compromised and that your account, on any system, is being used by some other individual, please contact Bob Ellsworth, Manager: Computer and Network Security, at x3120 or firstname.lastname@example.org.
These guidelines are intended for your protection by making both your account and the University computer systems more secure.