Password Security FAQ
- What is Password Security?
- Why should users care about Password Security?
- How will a user know if he/she is using a weak password?
- What are characteristics of a strong password?
- Are there examples of strong passwords?
- How can a user keep his/her password secret?
- How frequently should a user change his/her password?
- What happens if a user forgets his/her password?
- I've got so many passwords, how am I supposed to remember them all?
Password security is the practice of creating a strong password and maintaining its secrecy.
Each user at Regent University is assigned a unique username. To utilize Regent University's computer assets, users are required to authenticate via username/password credentials. The password provides verification to the network, email server, or application each time you request service. In essence, the username and password combination verifies you are who you claim to be. Should a user not practice password security, an imposter may be able to compromise the user's password and gain access to the systems with all of the privileges assigned to the compromised user's account. For instance, the imposter may gain access to personal files, academic information, private email messages, or confidential University information. For this reason, each user should have concern about proper password creation procedures and password secrecy methods.
In short, a weak password is one that is easily guessed. Easily-guessed passwords are usually found in the dictionary and are formed from a limited set of characters. At this time, many programs, called crackers, exist to repeatedly attempt to compromise account passwords using what is commonly called a dictionary attack. These programs maintain a large compilation of dictionary words, in various languages, and with many permutations of these words. Intruders trying to gain access to the network or other systems are often successful because of weak passwords. A password is also considered weak if it is based on personal information such as username, spouse's name, child's name, birthdate, pet name, etc. Additionally, a password that is not of considerable length is weak. At Regent University, the recommended length for passwords is no less than eight characters. Any user possessing a password with any of the above characteristics should consider his/her password weak.
The most important characteristic of a strong password is uniqueness. Strong passwords are not easily guessed and should contain no less than eight characters. In addition, strong passwords include use of both upper and lower alpha characters (a-z, A-Z), numeric characters (0-9), and non-alphanumeric or special characters (!~^'_-=+) (some programs may not accept certain characters). A strong password contains at least one of each of the above characters. Strong passwords are not based on a dictionary word or other personal information as noted above. One of the easiest ways strong passwords can be formed is by manipulating a phrase into a mnemonic.
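The weak and strong criteria above (length, the four character classes, dictionary words with simple permutations, personal information) can be checked mechanically. The following Python check is an added example, not Regent University's own tooling; the word list, substitution table, and function names are constructed for illustration.

```python
import re

# Constructed sample word list; a real check would load a full dictionary file.
SAMPLE_DICTIONARY = {"password", "regent", "welcome", "dragon", "carrots"}
MIN_LENGTH = 8  # minimum length recommended in this FAQ

# Look-alike substitutions of the kind cracking tools try as word permutations.
LEET = str.maketrans("013457@$!", "oleastasi")

# The four character classes the FAQ asks for, at least one of each.
CLASSES = {
    "lowercase letter": r"[a-z]",
    "uppercase letter": r"[A-Z]",
    "digit": r"[0-9]",
    "special character": r"[^a-zA-Z0-9]",
}


def candidate_words(password):
    """Return the plain words a decorated password may be built on."""
    lowered = password.lower()
    # Also try the password with leading/trailing padding such as "1!" removed.
    trimmed = re.sub(r"^[^a-z]+|[^a-z]+$", "", lowered)
    return {re.sub(r"[^a-z]", "", s.translate(LEET)) for s in (lowered, trimmed)}


def weaknesses(password, personal_info=(), dictionary=SAMPLE_DICTIONARY):
    """List the reasons a password is weak; an empty list means none found."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("shorter than 8 characters")
    for name, pattern in CLASSES.items():
        if not re.search(pattern, password):
            problems.append(f"no {name}")
    words = candidate_words(password)
    if words & set(dictionary):
        problems.append("based on a dictionary word")
    # Personal details (username, names, birthdate) supplied by the caller.
    haystacks = words | {password.lower()}
    for item in (p.lower() for p in personal_info if len(p) >= 3):
        if any(item in h for h in haystacks):
            problems.append("based on personal information")
            break
    return problems
```

A password such as `P@ssw0rd1!` satisfies the length and character-class rules but is still reported as dictionary-based, which is why the class rules alone are not sufficient.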
The following are examples of passwords formed from phrases.
Phrase: Regent University Christian Leadership to Change the World
Phrase: The New Testament
Phrase: Peas and Carrots
In each of these examples, the chosen passwords meet the University guidelines for minimum password criteria. Also, each password is not based on a single dictionary word.
Note: These examples are provided as a guideline to choose a strong password and users SHOULD NOT utilize any of the above examples as their own password.
Passwords are personal information that should never be shared with any other person, including, but not limited to, instructors, assistants, technology service staff, or supervisors. Users should not transmit passwords via email, as this is an insecure medium. Moreover, users are advised against writing down passwords and/or storing them in an insecure place. Users sometimes record passwords in personal data assistants (PDAs) or other electronic means. While this is not entirely secure, users are encouraged to strengthen security by utilizing encryption capability. Users are discouraged from storing passwords in plain text (non-encrypted) on any electronic media. Finally, Regent University recommends that passwords not be shared with external accounts such as AOL, Yahoo!, MSN, or other free or paid services.
Regent University recommends that users change their password approximately every 180 days. If at any time a user suspects that his/her password has been compromised, the user should immediately change all passwords to protect individual and university confidentiality.
Users should contact the Help Desk at 757.352.4076 or firstname.lastname@example.org if a password has been forgotten. The Help Desk has the ability to reset passwords to temporary values. Once a password has been reset, the user should change the password as soon as they are able to gain access to the system.
If you have many different accounts with separate passwords (a good idea by the way), then you probably struggle to remember which password goes with what account. Either that or you just make your password very simple so that you don't forget. There are many programs available (some for free) that help manage passwords. Password Safe is one of these programs. It will allow you to store all of your passwords in one database. It encrypts the database using a key based on one single password you choose. From here on out, all you need to remember is the one password to let you in, then find whatever password you need to get into your other accounts. If you don't like this one, look around. There are plenty of other password programs out there. The point is that you are being diligent in protecting information, but won't have to remember so many passwords.