Guidelines for a good password
It is part of your responsibility as a computer user to create a strong password. Crackers use sophisticated programs to try to break passwords, and so you must take extra precautions to make your password as difficult as possible to crack. For maximum security, observe these guidelines when creating and maintaining your passwords:
- Indiana University network passwords must contain at least:
- 8-14 characters
- 2 numbers or symbols in the first 8 characters
- 5 different characters (letters, numbers, or symbols)
- IU network passwords must not contain:
- The at sign ( @ ), the number sign ( # ), the ampersand ( & ), or a space.
- Doubled numbers or symbols (e.g., 99 or %% )
- Any words, phrases, names, or slang, spelled forwards, backwards, or in a foreign language
- A Social Security number in the first nine characters of the password
- Any personal data such as your name, birthday, or phone number (or those of your children or significant other)
- Words constructed with similar-looking number substitutions (e.g., 0 for O ; $ for S ; 1 for i ), for example:
Note: Passwords are case sensitive. The lowercase c is a different letter from the uppercase C . Make sure that the Caps Lock key is not on, unless you intend to enter all uppercase letters.
Strategies for creating a good password
- Create an acronym from the letters of the words in a phrase, song lyric, or quotation that is memorable to you (e.g., "To be or not to be?" could become "2BRnot2B?"). This is not the same as letter substitution, listed above under "Passwords must not contain:".
- Interleave two words or a word and a number sequence that is meaningful to you, for example, your favorite fruit and a memorable year (e.g., "kiwi" and "1987" could be interleaved as "k1i9w8i7", or "ki19wi87", or "ki1987wi").
- Deliberately misspell words, or substitute phonetic replacements throughout (e.g., "Mississippi" could become "Mrs.Ippi").
- Use a mixture of uppercase and lowercase letters.
Keeping your password secure
- Do not write your Network ID username and password in the same place.
- Never share your password with anyone.
- Never send anyone your password via e-mail (even if the message requesting your password seems official).
- Change your password every six months.
Why are passwords important?
Occasionally, intruders attempt to gain access to shared computer systems through the accounts of others. Their motives vary from curiosity to criminal malice. At risk are:
- Your privacy: Your e-mail could be read by others.
- Your reputation: An intruder can send slanderous, defamatory, or otherwise embarrassing messages from your account, under your name. An intruder could also store material on your account that would implicate you in illegal or unethical acts, such as software piracy.
- Your files: An intruder can steal, modify, or destroy the information you keep on the shared computer.
- Your computing resources: The motivation of many intruders is to use your account as a staging ground for broader intrusions into IU computers. While IU computer support staff protect IU's systems with the latest technology and constantly monitor the development of any threat, the individual computer account is still the weakest link.
These are all very real possibilities that have occurred at IU.