ITS has created a password management system that allows passwords to be used for intervals of up to 180 days if the password meets complexity standards. Using a series of best practices, the password manager will guide you through creating a more secure password that can be valid for longer periods of time.
When changing your password you will notice a strength meter that will reveal the strength class of your password as you type it. The strength class determines how long your password can be used.
Moderate password = 90 days
Strong password = 120 days
Very strong password = 180 days
Use this chart to determine what constitutes a complex password.
** Character classes are defined as (a) Uppercase Letters (b) Lowercase Letters (c) Numbers (d) Approved Symbols
Additional Password Requirements and Information:
Your password must be at least 8 characters in length for standard users or 12 characters in length for users who have access to confidential data. Why? Length is the simplest way to increase security.
You will not be able to use any part of your name or username. Why? This information is often stored in public directories alongside your username.
You will not be able to reuse a previous password or a password that is too similar to the old password. Why? In the event of a compromise, the password will often be sold or added to hacker databases. Using the same password puts you at risk.
You will not be able to use only one dictionary word in your password. Why? Password cracking tools easily recognize dictionary word sequences.
You will not be able to use number substitutions for letters. (eg. f00tba11 will be seen as football) Why? Unfortunately, Password cracking tools are on to these practices.
- Approved symbols are: ! + - _ * ? % . { } ~
Must use a combination of uppercase letters, lowercase letters, numbers, and symbols. Standard users must have at least 2 of those character classes; users with access to confidential data must have at least 3 of the 4 character classes.
A secure password does not have to be difficult to remember.
Consider these tips and tricks to create a secure password that is unforgettable.
- Random passwords, like ones created by a random password generator, are the most secure passwords but also the hardest to remember. Try this spin on creating a somewhat random password.
Take a sentence: I am amazing because I created a very secure password today!
Use the first letter of every word: iaabicavspt! (90 days)
Secure it a little more with CAPS and a few characters: !IaabIcavspt! (180 days)
Let's try again.
Take a sentence: My first car was a baby blue 1960 Ford Mustang.
Use the first letter of every word: mfcwabb1960fm (90 days)
Secure it a little more: MfcwaBB1960FordM. (180 days)
Try a pass “phrase” instead of a pass “word”. Turn a password into a sentence. Use length to your advantage.
Weak: spring1spring (90 days)
Best: Spring-is-MY-favorite-season1. (180 days)
Weak: mydogfluffy1 (90 days)
Best: MyincredibleDogFLUFFYis9! (180 days)
Create a mental picture of your password. Imagery helps you remember. Sketch it out and post it on your wall. No one will know that this pic is your password.
Mona Lisa: France-lady-crazyeyes-Bonjour
First Football game at App: crowd-blackgold-GASouthern-win!
Make a password meaningful but not personal.
Never use personal information in your password such as an address, phone numbers, names of family members, etc. Do, however, make a password meaningful to you. Base your password on a fond memory or a personal goal. Your thoughts are unique to you and are probably not recorded elsewhere. lose20lbsbytheendofSeptember!
Find patterns that you can carry over to future password changes and are still secure.
1st 180-day password: ketchup-christmas-tomato-rose (things that are red)
2nd 180-day password: cucumber-grass-rhododendron-pinetree (things that are green)
3rd 180-day password: blueberry-waterfall-sky-globe (things that are blue)
etc.
Please do not use any passwords that are displayed on this page for obvious reasons.