Password Best Practices
Tips for securely managing your Access Account password
Create a strong password
Use strong passwords to protect your computing resources. Follow these rules to create strong passwords:
§ Use two numbers in the first eight characters.
§ Pick long passwords, at least 8 characters in length if the system allows it.
§ Don't use a common dictionary word, a name, a string of numbers, or your User ID.
§ One of the easiest to remember and hardest to crack password methods is the pseudo-random password. The actual password is generated from an easy to remember phrase that is important to the user. This phrase can be the words from a book that you particularly like, words from a song that you always remember with ease, or a statement that some powerful figure made that you will never forget. The key to a successful password is to create a phrase that is easy for you to remember, but that no one else will ever think of attributing to you.
§ personal phrase: "Four score and seven years ago our fathers brought…"
  password: 4scanse...
  method: Chose first two letters from each word until a total of eight characters resulted.
§ personal phrase: "It was a dark and stormy night...".
  password: iWadasn7
  method: Chose first letter from each word, followed by the age of nephew.
§ personal phrase: My Brother's Birthday Is april(4) Twenty Two Nineteen Sixty three(3)
  password: mbbi4tt19s3
  method: Chose the first letter from most words, and substituted numbers for letters.
§ Certain special characters may be used. However, note that some applications may not accept special characters. If this problem is encountered, changing your password to a combination of letters and numbers should solve the problem. Examples of permitted special characters are shown below:
$ . , ! % ^ *
Note that some special characters should not be used; see disallowed special characters. Also, if you use dial-up service to connect, you cannot have any special characters in your password.
Avoid a weak password
When creating passwords, avoid the following:
§ Easy to guess passwords such as a blank or "password"
§ Your name, spouse’s name, or partner’s name
§ Your pet’s name or your child’s name
§ Names of close friends or coworkers
§ Names of your favorite fantasy characters
§ Your boss’s name
§ Anybody’s name
§ The name of the operating system you’re using
§ String of numbers or letters, like 1234, abcd
§ The hostname of your computer
§ Your phone number or your license plate number
§ Any part of your social security number or Penn State ID
§ Anybody’s birth date
§ Other information easily obtained about you (e.g., address, town, alma mater)
§ Words such as wizard, guru, password, gandalf, and so on
§ A username in any form (as is, capitalized, doubled, etc.)
§ A word in the English dictionary or in a foreign dictionary
§ Place names or any proper nouns
§ Passwords of all the same letter
§ Simple patterns of letters on the keyboard, like asdfg
§ Any of the above spelled backwards
§ Any of the above followed or preceded by a single digit
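Several of the rules above, together with the length and two-number rules from "Create a strong password", can be checked mechanically. The following Python is an added example, not part of the original guidance; SAMPLE_WORDS is a small constructed stand-in for a real dictionary and name list, and the function name, reason strings and the User ID "jqs5012" are assumptions.

```python
import re

# Constructed stand-in for a real dictionary/name list (assumption).
SAMPLE_WORDS = {"password", "wizard", "guru", "gandalf"}
# Alphabet, digit and keyboard-row runs, e.g. "abcd", "1234", "asdfg".
RUNS = ("abcdefghijklmnopqrstuvwxyz", "0123456789",
        "qwertyuiop", "asdfghjkl", "zxcvbnm")


def weak_reasons(password, user_id, personal=()):
    """Return the page rules that a candidate password breaks."""
    pw, uid = password.lower(), user_id.lower()
    banned = SAMPLE_WORDS | {p.lower() for p in personal}
    # "followed or preceded by a single digit": drop one digit at either end.
    cores = {pw, re.sub(r"^\d", "", pw), re.sub(r"\d$", "", pw)}
    # "spelled backwards": test each core reversed as well.
    cores |= {c[::-1] for c in cores}
    cores.discard("")

    reasons = []
    if len(password) < 8:
        reasons.append("too short")
    if sum(ch.isdigit() for ch in password[:8]) < 2:
        reasons.append("fewer than two numbers in first eight")
    if uid and cores & {uid, uid * 2}:
        reasons.append("user id")
    if cores & banned:
        reasons.append("dictionary word or name")
    if pw and len(set(pw)) == 1:
        reasons.append("all the same character")
    if pw.isdigit():
        reasons.append("string of numbers")
    if any(len(c) >= 4 and c in run for c in cores for run in RUNS):
        reasons.append("simple sequence or keyboard pattern")
    return reasons


if __name__ == "__main__":
    # Constructed candidates; "jqs5012" is a made-up User ID.
    for candidate in ("mbbi4tt19s3", "gandalf1", "1drowssap", "asdfg"):
        print(candidate, "->", weak_reasons(candidate, "jqs5012") or "ok")
```

Names, hostnames, phone numbers and similar personal details go in the `personal` argument, so the same backwards and single-digit checks apply to them.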
Protect your password from misuse
§ Do not let anyone else know or use your password; this is a violation of University policy.
§ For optimum security, don't write your password down. If you must write it down, keep it somewhere private such as in a locked drawer or in your wallet. Don’t post it on your computer or anywhere around your desk. Don’t include the name of the system or the associated User ID with the password.
§ Be aware of when a password is sent securely across the Internet. URLs (Web addresses) that begin with “https://” rather than “http://” are secure to use with your password. The "s" in "https" means that the connection to the Web site is encrypted and cannot easily be read by other people. If the URL does not begin with "https" then you should not use your Penn State Access Account password.
§ If you suspect that someone else may know your current password, change your password immediately.
§ Change your password periodically, even if it hasn't been compromised.
§ Don't type your password while anyone is watching.
Enable Security Questions
Setting personal security questions greatly enhances the protection of an Access Account. The security measure enables a forgotten or expired password to be reset remotely by the user and without assistance from the ITS Accounts Office.
Creating answers to security questions should follow a procedure similar to that of generating a password:
§ Information not easily obtainable
§ Notable answer, yet hard for others to guess
§ Do not print answers to the questions
§ Store answers in a secure location if necessary to have printed
§ Change questions periodically to ensure protection