Security is not something we at universities like to think about, but the Internet is a really big place, and every login is a doorway into our computers. Your password is a key. The person to whom an account is issued is ultimately responsible for all activity in the account. Proper password security and account management helps ensure that others do not access and/or misuse an account for which you are responsible.

Password Guidelines

Proper selection and protection of a password is crucial to the security of our system. The following guidelines will help you pick a suitable password.

Try to pick a password that is not obvious. If you use words such as your name, your pet's name, or the town you are from, anyone could figure it out. You want a password that's fairly easy to remember, fairly hard to guess. The best choice for a password is a combination of letters that form no actual word. Do NOT use any of the following examples!!

• Take a phrase, a poem, a saying, a long title, or some other series of words that you like. For example, take the phrase "A stitch in time saves nine." Now take the first letters from each word in that phrase. Or the last letters if you like. Capitalize a random letter (or letters). Stick a punctuation character or a number in it. Now you have: 'aSiTs9'. Or with last letters: 'Ahnes9'
• Another way is to take two short syllables (preferably not complete words), and stick them together with a number and/or misspell the words For example, 'good4Uall' or 'eyeCon'
• Take two short syllables or short words, and mix them together. Cat and dogs becomes 'cdaotg'. Again, even better if you can manage to capitalize something, or stick a number in: 'c2daoTG'.

Longer passwords are best because they are be harder to guess through trial and error - there are fewer short passwords to work through for someone who is trying to guess a password. Here's why your password should be long. There are approximately 450,000 4-character strings from aaaa to zzzz. At a guessing rate of 1 password per second, it would take a computer about 5 days to run through all the possibilities. If your password is 7 characters, even if it doesn't include an upper case character or a digit as it ought to, there are over 8 billion possibilities. A major computer could run through all of them, but we're not worried about people with supercomputers. A computer running at 1 password per second would take 250 years to try all possibilities.

So make your password at least 8 characters, don't make it a word that might be in any on-line dictionary somewhere. And put in a few numbers and an upper case letter or two for good measure.

Avoid writing down your password. It is easier to find a password that has been written down, than one in memory only. If you must write down your password, be sure to put it in a secure place.

Change your password frequently. If someone breaks into your account, changing the password will prevent continuous misuse.

Don't give out your password.

Be careful when typing your password. Make sure no one is watching over your shoulder as you type. Passwords are not displayed on the screen for security purposes.

Do not leave your computer unattended when you are logged in. If you leave your machine, anyone could have access to your files. Also, be careful not to type in your password as your username by accident which would allow anybody to see your password.

If your account is left open at anytime, then your Exchange Mail is accessible. If Exchange is available, then messages can be sent with your name as the sender. Threatening or harassing E-mail messages are against school policy. Leaving your account open is an invitation for others to play in your account. Although it may seem funny to others to do this, you should safeguard your account by not leaving it unattended and changing your password regularly.

Don't use the same password here that you use anywhere on the Internet!

We strongly discourage passwords the following types of passwords:

• Do NOT use a word that's in the dictionary. Do not use people's names or place names either. Do not use a foreign word. There are some long dictionaries out there.
• Do NOT use any information about yourself, like your first name, last name, spouse's name, ATM card number, dog's name, phone number, birthday, and so on. Nothing personal. You're creating a key, not a welcome mat.
• Do NOT use fictional character names. Do not use names of wizards, or heroes, or cartoon characters. Do not use secret strings from computer games.
• Do NOT use simple keyboard patterns: all one letter, or letters in a row.
• And do not use a bad password and spell it backwards or place a single digit on the end. If it was a bad password before you started it will still a bad password when you turn it around.
  

Return to Policies page

Copyright © 2002-2008
Privacy Statement
AA/EEO Statement