MSU-Northern ITS: Passwords Security

Information Technology Services: Password Security

Security is not something we at universities like to think about, but the Internet is a really big place, and every login is a doorway into our computers. Your password is a key. The person to whom an account is issued is ultimately responsible for all activity in the account. Proper password security and account management helps ensure that others do not access and/or misuse an account for which you are responsible.

Try to pick a password that is not obvious. If you use words such as your name, your pet's name, birth dates or the town you are from, anyone could figure it out. You want a password that's fairly easy to remember, but still hard to guess.

The best choice for a password is a combination of letters, numbers and special characters. Part of Northern's password policy is a requirement for this level of complexity.

Your network/email password must be a minimum of 8 characters long and contain characters from three of the following four categories:
* At least one uppercase letter (A through Z)
* At least one lowercase letter (a through z)
* At least one number (0 through 9)
* At least one of these non-alphanumeric characters:
!@#$%^&*()_+|~-=\`{}[]:";'<>?,./

Your Portal password must meet these requirements:
* The password must be 8 to 20 characters long.
* The password must contain a letter.
* The password must contain a digit.
* The password must contain at least one of these special characters: $,*,%,@,#,&.

The longer the password the better because they are be harder to guess through trial and error. If someone is trying to guess a password, there are fewer short passwords to work through. Although Northern's password policy only requires passwords to be 8 characters long, ITS strongly recommends they contain at least 12 characters. When choosing a password, think along the lines of a passphrase instead of just a word.

Avoid writing down your password. If you must write down your password, don't write your account name and password on the same piece of paper and be sure to put it in a secure (locked) place. Never store passwords in a file on any computer system (including Palm Pilots or similar devices) without encryption.

Do NOT use the "Remember Password" feature of applications or web sites.

If you suspect an account or password is has been compromised, report the incident to ITS and change ALL your passwords.

Don't give out your password.

Be aware of who is present when typing your password - Make sure no one is watching over your shoulder as you type.

Do not leave your computer unattended when you are logged in. If you leave your machine, anyone could have access to your files. Log out or use the screen lock feature.

Don't use the same password here that you use anywhere on the Internet! Do not use the same password for MSU-Northern accounts as for other non-Northern access (e.g., personal ISP account, non-Northern web email accounts, option trading, benefits, etc.). Where possible, don't even use the same password for various MSU-Northern access needs. For example, select one password for email/domain access and a separate password for Banner.

We strongly discourage passwords the following types of passwords or parts of passwords:

Words found in the dictionary, people's names or place names, foreign words.
Information about yourself, like your first name, last name, spouse's name, ATM card number, dog's name, phone number, birthday, and so on.
Fictional character names such as names of wizards, or heroes, or cartoon characters. And do not use secret strings from computer games.
Repeated characters, such as AAA or 555;
Alphabetic sequences, such as abc or CBA; and Numeric sequences, such as 123 or 321;
Common keyboard sequences, such as Qwerty or pas.
And do not use a bad password and spell it backwards or place a single digit on the end. If it was a bad password before you started it will still a bad password when you turn it around.

Top of page

Return to Policies & Guidelines

Quick Links Help Desk - 3765 ITS Home IT Security Services Information About... Site Index In this section... Inside ITS Mission Policies & Guidelines Licenses Staff Help Desk MSU-Northern students, faculty and staff - Use the ITS Help Desk as the first point of contact for your technology problems, questions & services! Information Technology Services Help Desk Walk-in Support: Cowan Hall 117B Telephone Support: 265-3765 E-Mail Support: itstech Last Updated: 18-Jun-2009
	Information Technology Services: Password Security Security is not something we at universities like to think about, but the Internet is a really big place, and every login is a doorway into our computers. Your password is a key. The person to whom an account is issued is ultimately responsible for all activity in the account. Proper password security and account management helps ensure that others do not access and/or misuse an account for which you are responsible. Try to pick a password that is not obvious. If you use words such as your name, your pet's name, birth dates or the town you are from, anyone could figure it out. You want a password that's fairly easy to remember, but still hard to guess. The best choice for a password is a combination of letters, numbers and special characters. Part of Northern's password policy is a requirement for this level of complexity. Your network/email password must be a minimum of 8 characters long and contain characters from three of the following four categories: * At least one uppercase letter (A through Z) * At least one lowercase letter (a through z) * At least one number (0 through 9) * At least one of these non-alphanumeric characters: !@#$%^&()_+\|~-=\`{}[]:";'<>?,./ Your Portal password must meet these requirements: The password must be 8 to 20 characters long. * The password must contain a letter. * The password must contain a digit. * The password must contain at least one of these special characters: $,,%,@,#,&. The longer the password the better* because they are be harder to guess through trial and error. If someone is trying to guess a password, there are fewer short passwords to work through. Although Northern's password policy only requires passwords to be 8 characters long, ITS strongly recommends they contain at least 12 characters. When choosing a password, think along the lines of a passphrase instead of just a word. Avoid writing down your password. If you must write down your password, don't write your account name and password on the same piece of paper and be sure to put it in a secure (locked) place. Never store passwords in a file on any computer system (including Palm Pilots or similar devices) without encryption. Do NOT use the "Remember Password" feature of applications or web sites. If you suspect an account or password is has been compromised, report the incident to ITS and change ALL your passwords. Don't give out your password. Be aware of who is present when typing your password - Make sure no one is watching over your shoulder as you type. Do not leave your computer unattended when you are logged in. If you leave your machine, anyone could have access to your files. Log out or use the screen lock feature. Don't use the same password here that you use anywhere on the Internet! Do not use the same password for MSU-Northern accounts as for other non-Northern access (e.g., personal ISP account, non-Northern web email accounts, option trading, benefits, etc.). Where possible, don't even use the same password for various MSU-Northern access needs. For example, select one password for email/domain access and a separate password for Banner. We strongly discourage passwords the following types of passwords or parts of passwords: Words found in the dictionary, people's names or place names, foreign words. Information about yourself, like your first name, last name, spouse's name, ATM card number, dog's name, phone number, birthday, and so on. Fictional character names such as names of wizards, or heroes, or cartoon characters. And do not use secret strings from computer games. Repeated characters, such as AAA or 555; Alphabetic sequences, such as abc or CBA; and Numeric sequences, such as 123 or 321; Common keyboard sequences, such as Qwerty or pas. And do not use a bad password and spell it backwards or place a single digit on the end. If it was a bad password before you started it will still a bad password when you turn it around. Top of page Return to Policies & Guidelines		Password Tips To help you comply with Northern's Password Policy, here are some tips! Do NOT use any of the following examples! Make up an acronym - Take a phrase, a poem, a saying, a long title, or some other series of words that has meaning to you and use the first letter of each word. For example, take the phrase "I'm going to work out 3 times a week." Take the first letter from each word in that phrase. (Or the last letters) Capitalize a random letter or letters. Stick a punctuation character and/or a number in it. Now you have: "ig2WOtaw!". Or using the last letters: "mgoKtesAk!" A similar method is to take out all the vowels from a short phrase "show me the money." becomes "shWmthmn$" Deliberately misspell words in a phrase - "I like chocolate" could become "Ilik#ch0klutt" Transform a phrase by using numbers and/or punctuation. "you are wonderful" becomes "UR1drful" Take two short syllables or short words, and mix them together and throw in a number or special character. "Cats and dogs" becomes "Cdao$tgsS".