Knowledgebase: Policies
Secure Password Policy
Posted by Pamela Kistler-Osborne on 07 February 2012 04:10 PM

Secure Password Policy

Choosing a secure password is necessary for protecting data on the Goshen College network. Hackers have developed very powerful password-cracking tools that incorporate extensive word and name dictionaries. Their cracking tools also check for words that are spelled backwards or are simple substitutions of characters.

In an effort to bring Goshen College security in line with best password practices, ITS has developed a system so that when you change your password, your new password will be checked to make sure it is a secure password and not one that can be easily guessed. If your new password fails the test, you will receive feedback on what is wrong with the new password and will need to try again.

Weak Password Examples

Here are a few examples of passwords that should be avoided:

  • Avoid passwords that can be found in the English dictionary, or in the dictionary of another language. For example, don’t make your password the word “password” or “secret”.
  • Avoid passwords that are the reverse of a word in a dictionary. Don’t create a password of “drowssap” (which is “password” spelled backwards).
  • Avoid passwords that are too short.  Always make your password at least 8 characters in length.
  • Avoid creating passwords where the same characters are repeated.  Don’t create a password of “mmmmmmmm” or “12345678”.
  • Avoid using passwords that contain personal information or names.  Don’t create a password using your first name, middle name, last name, login name, pet’s name, family member’s name, or computer’s name, etc.
  • Avoid using a password that is something familiar to you that someone else might know. Don’t create a password using  your phone number, street address,  social security number, student or employee ID number, GC related words (Mennonite, maple, leaf, etc.) favorite music band, office location, etc.

Remember, if your password wasn’t hard for you to think up, it won’t be hard for someone else to figure it out!

Create a Strong Password

Creating a passphrase is the best way to have a strong password that cannot be easily guessed. A passphrase is a sentence that you can easily remember, like “My dog Buddy loves to eat carrots but not celery.”  Make your password out of the first letter of each word in the sentence. For example, mdbltecbnc. Then, make this password even stronger by changing some of the letters to uppercase, and incorporating numbers and special characters.  For example, using the same sentence, your password could be mdBL2e^b0c

You can also create a strong password by selecting a word or a combination of words, and then drop vowels, replace some letters with numbers, replace spaces with punctuation marks and insert extra punctuation marks.
For example:    "Fred's boy" can be made into fRd5-6y!
(0 vote(s))
Not helpful

Comments (0)
Post a new comment
Full Name: