Guidelines for Secure Password Creation
Password Requirements
WINDOWS
Passwords for WINDOWS accounts require the following:
- Must be at least 8 characters long
- Must not exceed 30 characters
- Cannot start with a number
- Cannot contain a space.
- Must contain at least one upper case letter (A-Z)
- Must contain at least one lower case letter (a-z)
- Must contain at least one number (0-9) but not as the first character in the password.
- May contain special characters or punctuation. Banner users should only use the '_' (underscore) character.
- Cannot be a password that you've used over the last year.
- May not contain the user's first name, last name, user name or e-mail address.
- May not contain spaces or any of the following characters: > < " | ' ; / & # ?
UNIX
Passwords for UNIX accounts require the following:
- Must be at least 8 characters long
- Must not exceed 30 characters
- Cannot start with a number
- Cannot contain a space.
- Must contain at least one upper case letter (A-Z)
- Must contain at least one lower case letter (a-z)
- Must contain at least one number (0-9) but not as the first character in the password.
- May contain special characters or punctuation.
Password Guidelines
How to create a secure password
- Do use random mixed cased letters, numbers, & symbols.
- Do not use repeating combinations, such as '33333333', '45674567', or 'abcdefg'.
- Do not use English dictionary words or words with letters replaced with numbers or symbols, such as 'h@ck3r$', or '3ma1l'.
- Do create different passwords for differents systems or websites. If someone steals one of your passwords, they will not be able to access other systems.
- Do add random characters or change case within a word, such as 'tIta.nic' or 'cOm!PuteR'.
- Do not create a password that is easy to guess or observe.
- Do not use your username, your birthday or relative's birthdays, Social Security number, names of relatives, WPI building names, or street addresses.
- Do not store your passwords in a text file or Word document.
- Do not write your password on a piece of paper or Post-It note & store it nearby.
Password Responsibilities
- The owner of a username is responsible for all actions performed by that username, so it is important to keep your password secure. Never tell anyone else your password. (This includes coworkers, family members, Helpdesk employees, and the like.) If you think you have a problem that can only be solved by sharing your password with someone else (vacation, joint projects, supervisor access, etc.), contact the Helpdesk. We will work out an alternate solution for your particular department and circumstance. If anyone but the owner of a username is found logged in to that username, access to it will be immediately terminated.
- Don't be tricked into revealing your password. The only time you ever need to type your password is when logging in or changing it. No one from Information Technology will ever ask for your password. You should never provide it. If any person or program ever asks for your password, don't give it and report the incident to Information Security, via infosec@wpi.edu or phone number (508) 831-4800.
- If you think someone else has discovered your password, change it immediately. If you need assistance contact the Helpdesk.
- Log out or lock the computer when you are not using it. If you leave your desk with the computer logged in, someone else may access and possibly misuse your files, your accounts, and systems to which you have access.
Last modified: Sep 27, 2011, 21:19 UTC
![[WPI]](/Buttons/seal.gif "WPI Homepage"){kind=small}
![[CCC]](/Academics/CCC/Buttons/ccc.gif){kind=small}
![[Back]](/Buttons/back.gif){kind=small}