Information Security

Password Guidelines

Contact Us  

Information Security

Address:
Allegheny Hall 002
121 W. Rosedale Avenue
West Chester, PA 19383


Frank Piscitello, Manager/ISO
Phone: 610-436-3192
Fax: 610-436-3110
Email: FPiscitello@wcupa.edu

Guidelines for Selecting Good Passwords

  1. Consider using pass-phrases instead of passwords (see notes below regarding pass-phrases).
  2. Good passwords are difficult to guess; consider passwords that contain letters, numbers and/or symbols.
  3. Using a mixed-case password is an excellent method of creating a strong password.
  4. Never share passwords. Do not give your password during a training session or over the phone to support personnel.
  5. Do not write down your passwords.
  6. In general, good passwords:
    • Have both upper and lower case letters
    • Have digits and/or symbols as well as letters
    • Are easy to remember, so they are not written down
    • Are at least six characters in length
  7. If you have passwords on multiple accounts, it is very tempting to have the same password for all accounts. However, if one of the accounts is compromised, all accounts are compromised. A common approach is to add a suffix to the base password for each different account.

Password Problems

Computer users having trouble logging into their account due to invalid or expired passwords should contact the Help Desk at x3350. In order to have your password reset you must present valid photo identification to the Help Desk, 021 Anderson Hall.

Users who believe their password has been compromised should contact the Help Desk at x3350 immediately.

Pass-Phrases

One of the easiest to remember and hardest to crack password methods is the pseudo-random password. The actual password is generated from an easy-to-remember pass-phrase that is important to the user. This phrase can be the words from a book that you particularly like, words from a song that you always remember with ease, or a statement that some powerful figure made that you will NEVER forget. This is the key: it is a phrase that is easy for you, but that no one else will ever think of attributing to you.

For example:

  • Pass-Phrase: My Wife's Birthday Is April(4) Twenty Fifth Nineteen Sixty six(6)
    • Password: mwbi4tfns6
  • Pass-Phrase: "Four score and seven years ago our fathers brought..."
    • Password: foscanse (arrived at by choosing the 1st 2 letters from each word until a total of eight characters resulted)
  • Pass-Phrase: "It was a dark and stormy night".
    • Password: iwadasn

It's easy for you to figure it out, but it's a nightmare for a password cracker. The idea in this method is not that the password itself is easy to remember, but that the process you go through to arrive at it is so simple that you find yourself re-creating the same password without even thinking about it.

When the time comes to change passwords, you have a number of options. You can change your pass-phrase and re-process, or you can keep the same phrase and change the order of the characters that you choose from it (take every second and fourth letter). It really doesn't matter -- what does matter is that you come up with very strong passwords that you can either remember or re-create on demand with little effort.
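
The two derivation rules used in the examples above, combined with the measurable criteria from guideline 6, as an added example that is not part of the original page. The function names and the reading of `word(X)` as "use X for this word" are assumptions taken from how the examples are written.

```python
import re

def first_letters(phrase):
    """First letter of each word; a word written as word(X) contributes X."""
    out = []
    for word in phrase.split():
        sub = re.search(r"\((.)\)", word)          # e.g. April(4) -> "4"
        letters = re.sub(r"[^A-Za-z]", "", word)   # drop quotes, apostrophes, dots
        if sub:
            out.append(sub.group(1))
        elif letters:
            out.append(letters[0].lower())
    return "".join(out)

def first_two_letters(phrase, length=8):
    """First two letters of each word until `length` characters result."""
    out = ""
    for word in phrase.split():
        out += re.sub(r"[^A-Za-z]", "", word)[:2].lower()
        if len(out) >= length:
            break
    return out[:length]

def check_guidelines(password):
    """Evaluate the measurable criteria listed under guideline 6."""
    has_letter = any(c.isalpha() for c in password)
    has_other = any(not c.isalpha() for c in password)
    return {
        "upper_and_lower": any(c.isupper() for c in password)
                           and any(c.islower() for c in password),
        "digit_or_symbol": has_letter and has_other,
        "min_six_chars": len(password) >= 6,
    }

# Pass-phrases quoted on this page, paired with the rule each example uses.
EXAMPLES = [
    (first_letters, "My Wife's Birthday Is April(4) Twenty Fifth Nineteen Sixty six(6)"),
    (first_two_letters, "Four score and seven years ago our fathers brought..."),
    (first_letters, "It was a dark and stormy night"),
]

if __name__ == "__main__":
    for rule, phrase in EXAMPLES:
        password = rule(phrase)
        failed = [name for name, ok in check_guidelines(password).items() if not ok]
        print(f"{password:12} unmet criteria: {failed or 'none'}")
```

Run against the page's three pass-phrases, the check reports that all three derived passwords are lowercase only, and only the first contains a digit, so the derivation step has to preserve capitals or substitute digits and symbols for the result to satisfy guideline 6.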