What password should I use?
Passwords must be at least 9 characters long.
Two rules about passwords
- Passwords of 9 to 15 characters in length have a number of restrictions:
- It must not contain common words or substitutes
- It must not include your username or real name
- It must contain characters in more than one of these groups: lower case, upper case, numbers, and punctuation. For example, these would not be valid passwords:
- Passwords longer than 15 characters must follow these rules:
- It must not include your username or real name.
- It must contain at least two types of characters (lowercase, uppercase, numbers, punctuation).
OK: My cat is not happy
OK: my cat is not happy.
Bad: my cat is not happy
How to create a good password
Option 1: The easiest way is to use a passphrase that is more than 15 characters long. You can pick anything you want, so it should be relatively easy to find something you can remember. Here are two examples:
- I have a fine cat
- My yard is always green.
Note that you need to come up with your own phrase; the examples above should not be used.
Option 2: Another option is to login to our accounts page, follow the "Set/Disable Password" link on the left hand column, and pick one of the suggestions the system offers. When picking a suggestion, do not cut and paste! Type in the password twice, to ensure that you can type it in reliably.
Write it down and keep it in your wallet (not on your monitor or anywhere not private). Within a week you will have it memorized, just like you can remember your telephone number and social security number, even though they aren't "easy to remember". Remember to destroy any paper record once you have it memorized.
Option 3: Create your own password following the rules listed above regarding passwords that are 9 to 15 characters in length.
Systematic password guessing attacks are sophisticated and will routinely 'crack' these types of passwords:
- Those that contain your network ID, username, your first, middle, or last name, or any common permutation thereof.
- Those that are derived directly from words or phrases of any language. Embedding a number or case-shift within a word (of any language) does not make a valid password. Examples of bad passwords include: time2go, big$deal, ivyLeague, 2morrow, money$, and Ivyleague.
- Those that are all upper-case or all lower-case. For example,ivyleague, IVYLEAGUE, and jklasdf are not valid passwords.
- Those that are composed of all numbers; embedding decimal minus signs, or plus signs within a number does not make a valid password.
Finally, passwords are confidential. DO NOT GIVE YOUR PASSWORD TO ANYONE!
Please feel free to also check out the Offical ISC password page.