Password Best Practices
Read the password policy and guidelines
All Penn State Access Account owners are expected to read and comply with
the provisions of the ITS Password Policy and Guidelines.
Create a strong password
Use strong passwords to protect your computing resources. Follow these rules
to create strong passwords:
- Use two numbers in the first eight characters.
- Pick long passwords, at least 8 characters in length if the system allows it.
- Don't use a common dictionary word, a name, a string of numbers, or
your User ID.
- One of the easiest-to-remember and hardest-to-crack password methods is
the pseudo-random password. The actual password is generated from an
easy-to-remember phrase that is important to the user. This phrase can be
words from a book that you particularly like, words from a song that you
always remember with ease, or a statement that some powerful figure made
that you will never forget. The key to a successful password is to create
a phrase that is easy for you to remember but that no one else would ever
think of attributing to you.
  - personal phrase: "Four score and seven years ago our fathers brought…"
    password: 4scanse...
    method: Chose first two letters from each word until a total of eight
    characters resulted.
  - personal phrase: "It was a dark and stormy night...".
    password: iWadasn7
    method: Chose first letter from each word, followed by the age of nephew.
  - personal phrase: My Brother's Birthday Is april(4) Twenty Two Nineteen
    Sixty three(3)
    password: mbbi4tt19s3
    method: Chose the first letter from most words, and substituted numbers
    for letters.
- Certain special characters may be used. However, note
that some applications may not accept special characters. If this problem
is encountered, changing your password to a combination of letters and
numbers should solve the problem. Examples of permitted special characters
are shown below:
Note that some special characters should not be used; see disallowed
special characters. Also, if you use dial-up service to connect,
you cannot have any special characters in your password.
Avoid a weak password
When creating passwords, avoid the following:
- Easy to guess passwords such as a blank or "password"
- Your name, spouse’s name, or partner’s name
- Your pet’s name or your child’s name
- Names of close friends or coworkers
- Names of your favorite fantasy characters
- Your boss’s name
- Anybody’s name
- The name of the operating system you’re using
- String of numbers or letters, like 1234, abcde
- The hostname of your computer
- Your phone number or your license plate number
- Any part of your social security number or Penn State ID
- Anybody’s birth date
- Other information easily obtained about you (e.g., address, town, alma mater)
- Words such as wizard, guru, password, gandalf, and so on
- A username in any form (as is, capitalized, doubled, etc.)
- A word in the English dictionary or in a foreign dictionary
- Place names or any proper nouns
- Passwords of all the same letter
- Simple patterns of letters on the keyboard, like asdfg
- Any of the above spelled backwards
- Any of the above followed or preceded by a single digit
Protect your password from misuse
- Do not let anyone else know or use your password; this is a violation
of University policy.
- For optimum security, don't write your password down. If you must write
it down, keep it somewhere private such as in a locked drawer or in your
wallet. Don’t post it on your computer or anywhere around your desk.
Don’t include the name of the system or the associated User ID with
the password.
- Be aware of when a password is sent securely across the Internet. URLs
(Web addresses) that begin with "https://" rather than "http://" are
secure for use of your password. The "s" in "https" means that the
connection to the Web site is encrypted and cannot easily be read by other
people. If the URL does not begin with "https" then you should not use
your Penn State Access Account password.
- If you suspect that someone else may know your current password, change
your password immediately.
- Change your password periodically, even if it hasn't been compromised.
- Don't type your password while anyone is watching.
Disallowed special characters
At this time, the following characters are excluded from the special character
list because they are known to be incompatible with some systems.
- Space
- Double Quote: "
- Single Quote: '
- Backtick: `
- Ampersand: &
- Left Paren: (
- Right Paren: )
- Bar: |
- Less Than: <
- Greater Than: >
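The rules on this page expressed as a checker. This is an added example, not part of the original page or Penn State's own code; the function name, the short weak-word list, and the sample User ID "abc1234" are assumptions made for illustration.

```python
# Added example: checks a candidate password against the rules on this page.
# WEAK_WORDS is a small constructed sample; a real check would load a full dictionary.
DISALLOWED = set(" \"'`&()|<>")   # the page's disallowed special characters
WEAK_WORDS = {"password", "wizard", "guru", "gandalf", "asdfg", "abcde", "1234"}

TOO_SHORT = "shorter than 8 characters"
FEW_DIGITS = "fewer than two numbers in the first eight characters"
BAD_CHARS = "contains a disallowed special character"
SAME_CHAR = "all the same character"
ALL_DIGITS = "string of numbers"
GUESSABLE = "weak word or User ID (as is, capitalized, doubled, reversed, or with one digit added)"


def check_password(password, user_id, weak_words=WEAK_WORDS):
    """Return the list of rules the password breaks (empty list = passes)."""
    problems = []
    if len(password) < 8:
        problems.append(TOO_SHORT)
    if sum(ch.isdigit() for ch in password[:8]) < 2:
        problems.append(FEW_DIGITS)
    if set(password) & DISALLOWED:
        problems.append(BAD_CHARS)
    if password and len(set(password.lower())) == 1:
        problems.append(SAME_CHAR)
    if password.isdigit():
        problems.append(ALL_DIGITS)

    # "Followed or preceded by a single digit": strip one digit from either end,
    # then compare each candidate forwards and backwards, ignoring case.
    lowered = password.lower()
    candidates = {lowered}
    if lowered[:1].isdigit():
        candidates.add(lowered[1:])
    if lowered[-1:].isdigit():
        candidates.add(lowered[:-1])
    candidates |= {c[::-1] for c in candidates}

    uid = user_id.lower()
    banned = {w.lower() for w in weak_words} | {uid, uid * 2}
    banned.discard("")
    if candidates & banned:
        problems.append(GUESSABLE)
    return problems


if __name__ == "__main__":
    # "abc1234" is a constructed User ID; the passwords include the page's own examples.
    for pw in ["mbbi4tt19s3", "iWadasn7", "Gandalf1", "4321cba", "my pass12"]:
        print(pw, "->", check_password(pw, "abc1234") or "ok")
```

Run against the page's own examples, mbbi4tt19s3 passes every rule, while iWadasn7 contains only one number and so trips the two-numbers rule.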
Related information:
You should never share your password with anyone, even your closest relative
or friend. Why?
What can happen when you're careless with your password? Read
these true stories to find out.