Tips for Choosing a Password
Overview
Passwords are the key to many systems and applications.
Your password helps prove who you are, ensures your privacy, and
helps protect the privacy of the data you may have access to.
Compromised passwords are one of the means by which unauthorized
people gain access to a system. Someone logging on under your name has access
not only to your computer files but also to your co-workers' files
through your file server, and can impersonate you to send malicious
e-mail.
You are often asked to choose and maintain a password
for various purposes (e.g., sign on to a file server, access your e-mail,
use a password-protected screen saver). At the University of Minnesota,
there are three widely used passwords: Internet, Novell and Enterprise.
These passwords allow access to important central systems (e.g., central e-mail,
WebCT, Tech Mart, some department web pages), Novell Office Servers, or
Enterprise systems (e.g., PeopleSoft, Financial FormsNirvana, Electronic
Grants Management System, Enterprise Document Management System) at the
University.
It's important to choose a good password and protect it,
since many password-cracking programs are readily available on the
Internet and passwords are the key to accessing many computer systems and applications.
General Guidelines for Choosing a Password
Do Choose:
- Something obscure. For instance, you might deliberately
misspell a term or use an odd character in an otherwise familiar term
(e.g., pHnEbon). Or use a combination of two unrelated words and a combination
of letters and numbers (e.g., MutT37Yu).
- A combination of letters and numbers, or take a phrase like "many colors"
and use only the consonants, "mnYc0l0Rz".
- The first letter from each word in a phrase (e.g., TaYrrTooT, which represents
a line in the song "Tie a Yellow Ribbon Round That Old Oak Tree").
- To alternate between one consonant and one or two vowels to create a
nonsense word. This produces nonsense words that are usually pronounceable
and thus easily remembered (e.g., rouTBoo or QuaDPop).
- A combination of letters, numbers and special characters in a word (e.g., wR1t#rS,
which represents "writers").
Other Tips
- Use a MINIMUM of 8 characters (system permitting).
- Use mixed case wherever possible. Use uppercase on more than the first
letter.
- Include at least one digit and a special character (#, >, $).
- Avoid using the same password on multiple systems, especially test and
production systems.
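The composition tips above, written as a checker (an added example, not part of the original guide or any University system). The function name unmet_tips is hypothetical, and "special character" is assumed to mean ASCII punctuation, since the guide lists only #, > and $. Run over the sample passwords from the "Do Choose" list, it shows that each sample illustrates one technique and which of the tips it would still need.

```python
import string

MIN_LENGTH = 8  # from the tip "Use a MINIMUM of 8 or more characters"
# Assumption: "special character" means ASCII punctuation.
SPECIALS = set(string.punctuation)


def unmet_tips(password):
    """Return the composition tips from "Other Tips" that password does not meet."""
    unmet = []
    if len(password) < MIN_LENGTH:
        unmet.append("length")
    has_lower = any(c.islower() for c in password)
    has_upper = any(c.isupper() for c in password)
    if not (has_lower and has_upper):
        unmet.append("mixed case")
    # "Use uppercase on more than the first letter": look past position 0.
    if not any(c.isupper() for c in password[1:]):
        unmet.append("uppercase beyond first letter")
    if not any(c in string.digits for c in password):
        unmet.append("digit")
    if not any(c in SPECIALS for c in password):
        unmet.append("special character")
    return unmet


if __name__ == "__main__":
    # Sample passwords quoted in the "Do Choose" list above.
    page_samples = ["pHnEbon", "MutT37Yu", "mnYc0l0Rz", "TaYrrTooT",
                    "rouTBoo", "QuaDPop", "wR1t#rS"]
    # Constructed inputs: a common pattern that capitalizes only the first
    # letter, and one string that meets every tip.
    constructed = ["Password1!", "mY#c0l0Rz"]
    for pw in page_samples + constructed:
        missing = unmet_tips(pw)
        print(f"{pw:<12} {'meets all tips' if not missing else ', '.join(missing)}")
```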
Change your passwords:
- Every 90 to 180 days, depending on the criticality
of the system.
- If your password has been compromised or you suspect it's been compromised.
Safeguard your password:
- If you need to write it down, keep it in a secure location
(e.g., in your wallet or in a locked file). Or write down hints, not the
password. Do not leave it on or in your desk.
- Do not disclose your password to others, including system administrators.
If you do share it, make sure you change it immediately.
- Never store a password in an electronic file or use the "save my
password" feature for important passwords.
- Never send a password by e-mail unless it is encrypted.
- When vacating your workstation, completely log off the system or otherwise
secure the terminal from unauthorized use.
- If you terminate your University employment or change departments, contact
your Technical Coordinator to let them know that access is no longer needed.