The single most important component of any computer security scheme is the password assigned to users' accounts. Since it is not practical for the system administrators of the university's networked computers to assign and maintain passwords for everyone, users must be responsible for selecting strong passwords (i.e., difficult to guess). Failure to do so can compromise the security of an entire computer system. When selecting a password do not use the following:
- Any type of name - This includes but is not limited to your real name or your username; anyone else's username; your spouse's, parent's, boyfriend's, girlfriend's, or pet's name; the names of any friends or coworkers; your boss's name; the names of any fantasy characters; the name of an operating system; the host name of a computer, etc.
- Your or your friend's/spouse's home or work phone number Any part of your or your friend's/spouse's social security number Anybody's birthdate
- Any word in the English or any foreign dictionary.
- A place or a proper noun.
- Any "word" that consists of the same letters (e.g., xxxx), or any pattern of letters that might appear on a keyboard (e.g., qwerty)
- Any of the above spelled backwards, or either beginning or ending with a single digit.
Passwords that are difficult to guess include a mix of uppercase and lowercase letters, digits, punctuation symbols, and special characters (e.g., --), and are usually seven or eight characters in length. Three suggestions for creating strong passwords are as follows:
- Intermix the first letters of an easy to remember (short) phrase with digits, punctuation symbols, or special characters. For example, if the phrase "It was twenty years ago today" is used, then the following would be considered a strong password: Iw$ty^aT
- Combine two relatively short words with a special character, digit, or punctuation symbol For example, the words buzz and off could be combined with the tilde character to generate the password: BuzZ~OfF
- Use letters, special characters, and punctuation symbols to represent an English (or foreign) sentence. For example, the statement, You are so lazy! can be used to generate the password: UrSoLaz!
Users should also refrain from writing down their passwords. A password that is committed to memory is more secure than one that is written down since it reduces the number of people that might have an opportunity to see it.
If it is necessary to write down a password then (1) do not identify what was written as a password; (2) do not include the corresponding username with the password; (3) never post the password on any part of your computer; (4) do not maintain an electronic version of your password; and (5) try to make the written version different, yet still discernible to you, from the real password by scrambling the characters or including additional nonsense characters.
Remember: A single user with a weak password can compromise the security of an entire system and thus jeopardize the accounts of all users on the system. You are therefore encouraged to change your password and use the guidelines given above to create a new password as soon as possible. Do not wait until the next time you need to log into the system to do work. Make it a point to log into the system now to change your password.