University of Southern Indiana
Password Security

Password Security

Everything you ever wanted to know about password security is in this document. For protection strategies to password characteristics, it's everything you need to know to maintain a safe computing environment.

Overview 
Why Should I Care?
Characteristics of a Strong Password
How to Remember Complex Passwords
Password Caveats
Protecting Yourself Against Password Loss
Writing Down Passwords What do you do after we say "don't"? 
Forgotten Passwords What can I do now?

Overview

Passwords are a critical aspect of computer security. They are the first line of defense that provides protection for your user account. A poorly chosen password equates to a weak frontline, and may result in the theft of your user account. A stolen user account could then be utilized to expose/steal other network resources within the University. Therefore, all USI faculty, students, and employees (including contractors and vendors with access to USI systems) are responsible for ensuring their accounts are protected by secure passwords.

Why Should I Care About Password Security?

Your login name, or userID, allows you to access the resources and services associated with the University of Southern Indiana's network. Every time you connect, you are challenged for your password to validate your connection. If someone else determines your password, they can effectively assume your electronic identity. This means that individual then has full access to your files, your e-mail, personal information, and more. This intruder could modify or destroy your files, send threats via e-mail in your name, or subscribe to unwanted services for which you'd have to pay. In short, an insecure password can easily wreak havoc in your life.

Return to Top

Characteristics of a Strong Password

  • Strong passwords are suggested for all accounts and should be at least 8 characters long, a mixture of upper and lower case letters, punctuation and numeric characters.
  • Passwords should expire on a regular basis.
  • Passwords should remain confidential and original.

Return to Top

How to Remember Complex Passwords

It is possible to construct a password that is acceptable and memorable. The following are provided as examples only and should not be used; create your own password unique and memorable to yourself.

  • Creating a "pass phrase" is one way that helps to memorize a complex password. An example of a valid and secure pass phrase might be "Tqbf^0t1D" which is based on the old typing practice sentence "The Quick Brown Fox Jumped Over the Lazy Dog!" Substituting numeric or special characters adds to the complexity of the password making it much more difficult to crack.
  • Use lines from a childhood verse:
    Verse Line: Yankee Doodle went to town
    Password: Ydw2~twn
  • Foods disliked during childhood: 
    Food: rice and raisin pudding 
    Password: r1c&ras1nP
  • My license plate is "880-PTW". That's not acceptable; hackers know that people will use their license plate as a password so it's very easy to scan for passwords which are license plates. So, let's mix it up a bit - "88oh-PtW" is acceptable and is such a minor variation that I ought to be able to remember it.
  • Passwords should never be a word found in a dictionary (even foreign). Instead, use two or more words joined together. Or, use a combination of words and numbers. For example, instead of "dog and cat", use d0g+C4t! In this example, we have used upper and lowercase, numeric, and special characters thus creating a very secure and easy to remember password.

Return to Top

Password Caveats (Should Not)

  • Passwords should not be shared or written down. Treat your password like Kleenex, once shared with a friend don't use it again.
  • Passwords should not be a word found in a dictionary (even foreign).
  • Passwords should not contain any form of your name or userID. Don't use obvious passwords like "password", "guest", "user", or "admin".
  • Don't use personal information, such as names of family members or pets, your date of birth, social security number, or other similar information as part of a password. Since such information may be public, you should not use it in a password, even in combination with other characters.
  • Don't use common words or acronyms; spelled forwards or backwards.

Return to Top

Protecting Yourself Against Password Loss

  • DO NOT record your password on a post-it note stuck to your monitor or slid under your keyboard.
  • If you have a secure location, such as a safe or a locked desk drawer, you may want to store a written copy of your passwords there. DO NOT record your userID in the same location.
  • Log off your computer at the end of the day.
  • Avoid using password-saving features, such as Microsoft's Auto Complete feature.
  • Use a password-protected screen saver if you leave your computer, even for a few minutes.
  • If you think your password has been compromised, change it immediately.
  • Remind everyone in your work area or office to change his or her passwords if someone in the group is suddenly put on disciplinary leave, or is fired.

Return to Top

Writing down your password

There is a rule of thumb in the security community that one should never write down a password. Writing down a password increases the risk of it falling into the wrong hands. However, the practice this document suggests is such that it is often difficult to remember a password. The requirement for remembering more than one password further complicates the situation. If this is the case, then you could record them, but make sure that they are stored in a secure place - white boards, sticky notes on your monitor, and under your keyboard are not considered secure. Passwords should never be recorded with your userID as you would never record your pin number on your bankcard.

Return to Top

Forgotten Passwords

If you have forgotten or are having difficulty with your password, click here for assistance.

Return to Top

If you should have any questions regarding these services, please contact our Help Desk at (812) 465-1080 or by clicking the Contact us link in the top right of this page.


Contact Information Technology
×
Send Email to
×