Guidelines to Password Selection
Password Selection
Passwords should be hard to guess. This means that passwords or components of passwords should meet the following criteria:
- Don't use your login name in any form (as-is, reversed, capitalized, doubled, etc.)
- Don't use names of persons, pets, places or things significant to you in any form.
- Don't use numbers significant to you or someone close to you: phone numbers, birth dates, license numbers, etc.
- Don't use any name, number, place or other item associated with the University.
Passwords should be as immune as possible to attack by password cracking programs. This means that passwords or components of passwords should meet the following criteria:
- Don't use a word contained in English or foreign language dictionaries, place names, and proper nouns.
- Don't use passwords of all the same letter.
- Don't use passwords based on simple keyboard patterns, such as ghjkl;' or qwerty.
- Don't use any of the above reversed or followed/prepended by a single digit.
To construct a better password we recommend the following guidelines. Remember that the password should be easy to remember.
- Use a password with unusual capitalization.
- Use a password with nonalphabetic characters, e.g. numbers or punctuation, if your system allows them.
- Choose a line from a book, poem or song or generate a sentence you will remember. Use the first letter of each word to generate the password. For example, "In Xanadu did Kubla Khan a stately pleasure dome decree" could become "IXdKKaspdd".
- Concatenate words or parts of words. For example:
  dog + rain becomes "dog:rain" or better "doG:raiN",
  the + dog becomes "the1dog" or better "the1Dog=",
  my + ninety + books becomes "my9tybooks" or better "mY9tyBooks".
- Embed or interleave two or more words. This technique is not for everyone. Embedding and interleaving come easily to some people, but others find the combinations impossible to remember. For example:
  kitten + dog becomes "kitdogten" or better "kiTdogTen",
  cat + dog becomes "cdaotg" or better "cd8ao;tg".
- Alternate between consonants and vowels to construct nonsense words that are usually pronounceable, and thus easily remembered. For example:
  rout + bo becomes "routbo" or better "rout;;BO",
  quod + pop becomes "quodpop" or better "qUOd84pop".
System Specific Constraints
For unix systems at Laurier:
- All unix systems (e.g. mach1, info, omnis, mserver) allow the use of alphabetic, numeric and special characters (e.g. - _ * $) in the password. Do not use the @ character or the # character as these have special meaning for unix.
- At least 2 characters must be alphabetic and at least one character must be a digit or special character.
- Minimum password length is 6 characters; only the first 8 characters of a password are used.
- The password cannot equal the login name or be a circular shift of the login name.
- On a password change, the new password must differ from the old one by at least 3 characters.
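The unix rules above can be expressed as a checker. This is an added example, not code from the University or from any unix password program; the function names, the login name "jsmith7", and three interpretations (rules are judged on the first 8 characters, "differ by 3 characters" is counted position by position, and the login comparison ignores case) are assumptions.

```python
import string

SIGNIFICANT = 8        # only the first 8 characters of a password are used
MIN_LENGTH = 6
FORBIDDEN = set("@#")  # characters the page says to avoid on unix


def is_circular_shift(candidate, login):
    """True if candidate equals login or any rotation of it."""
    return bool(login) and len(candidate) == len(login) and candidate in login + login


def positions_differing(new, old):
    """Count positions at which two strings differ (assumed measure)."""
    longest = max(len(new), len(old))
    return sum(new[i:i + 1] != old[i:i + 1] for i in range(longest))


def check_unix_password(new, login, old=None):
    """Return the list of violated rules; an empty list means acceptable."""
    problems = []
    if len(new) < MIN_LENGTH:
        problems.append("shorter than 6 characters")
    if FORBIDDEN & set(new):
        problems.append("contains @ or #")
    # Assumption: composition rules are judged on the part the system keeps.
    used = new[:SIGNIFICANT]
    letters = sum(c in string.ascii_letters for c in used)
    if letters < 2:
        problems.append("fewer than 2 alphabetic characters")
    if len(used) - letters < 1:
        problems.append("no digit or special character")
    # Assumption: case is ignored, matching the "login name in any form" advice.
    if is_circular_shift(used.lower(), login.lower()):
        problems.append("equals or is a circular shift of the login name")
    if old is not None and positions_differing(used, old[:SIGNIFICANT]) < 3:
        problems.append("differs from the old password in fewer than 3 positions")
    return problems


if __name__ == "__main__":
    # Constructed sample inputs; "jsmith7" is a made-up login name.
    for pw, old in [("doG:raiN", None), ("password1", None),
                    ("smith7j", None), ("the1Dog=", "the1dog=")]:
        print(repr(pw), check_unix_password(pw, "jsmith7", old) or "ok")
```

Note the "password1" case: its only digit sits in the ninth position, which the system discards, so the effective password is the dictionary word "password".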
For the Oracle password (also referred to as Banner, Student Information System, Finance, wlumenu):
- Only alphabetic and numeric characters are allowed.
- Minimum password length is 6 and at least 1 character must be numeric.
For the Novell network:
- Novell allows the use of alphabetic, numeric and special characters in the password.
- Minimum password length is 6 characters; only the first 15 characters of a password are used.
Password Maintenance
Once selected, your password should not be recorded anywhere either on paper or in a computer file.
Do not share your password with anyone. Anyone who needs access to the system will be given their own account.
Change your password regularly. Users on omnis are required to change their passwords every 90 days.
If you believe that your password has been compromised and that your account, on any system, is being used by some other individual, please contact Bob Ellsworth, Manager: User Support at x3120 or bellswor@wlu.ca.
These guidelines are intended for your protection by making both your account and the University computer systems more secure.


