Skip navigation

Password Tips

What is my Penn State Access Account?
Your Access Account is your Penn State digital identity and is composed of a User ID and a password that collectively provide access to a wide range of Penn State Internet services such as the Web, ANGEL, e-mail, LIAS, eLion, University calendars, eCommerce sites, employee benefit information, research services, ITS-managed student computing labs, and more. Your User ID, such as "xyz5000," is the public part of your digital identity and is generally used to create your e-mail address. Your password is the private part of your Penn State digital identity and it is against University regulation to share your password with others. Go to http://its.psu.edu/policies/ to read about Penn State policies, guidelines, and laws pertaining to information technology.
Why is changing my password annually important to me?
Protecting your password is one of the most important ways to keep your electronic files and data safe. Penn State's new Password Change Initiative, which requires that all Access Account holders change their passwords on an annual basis, will help secure your personal information in addition to protecting University business, research, and academic data.
How do I create a strong password that I won't forget?
Your password serves as the key to many of Penn State's electronic services including access to the Internet. Creating a strong password and changing it yearly are important ways to protect the privacy and integrity of your personal information, and can help guard against identity theft. Hackers actively seek out weak passwords that they can easily "crack" to steal services or perpetrate malicious mischief. Using a "personal phrase" to create your password will make it easier to remember. Learn more about creating secure passwords and using personal phrases at http://its.psu.edu/password/bestpractices.html.
How does the Penn State Annual Password Change Initiative support access to resources at a national level?
An important part of why Information Technology Services (ITS) is currently strengthening the Penn State Access Account is to enable the University to meet requirements of government, higher education, and corporate initiatives which relate to the access of digital resources (such as research collaboration tools, grid computing, grants, library content, and student aid). The Annual Password Change effort will help enable Penn State faculty, staff, and students to use their Access Accounts to access these important resources. The requirements for many external resource providers are derived from guidelines of the National Institute of Standards and Technology (NIST). NIST 800-63 recommends that at a minimum there is no more than one chance in 1,024 that a password used for accessing a system will be guessed over its lifetime. In order to meet the minimum requirements of this "guessing" guideline, Penn State is initiating two steps. The first step is to increase the strength of University Access Account passwords, and the second step is to set a lifetime on all Access Account passwords. The combination of password strength and expiration is designed to provide a secure yet manageable solution for Penn State community members—while simultaneously enabling them to meet digital resource guidelines at many levels.
Under Penn State's new Password Change Initiative, when will my password expire?
The new Password Change Initiative requires all Penn State Access Account holders to change their passwords once a year. Information Technology Services (ITS) recommends changing passwords more frequently for increased security. Each time you change your password, you will initiate a 365-day expiration cycle. ITS strongly encourages you to change your password before it expires, in order to avoid disruption to your access to University systems and services. All passwords that have not been changed since August 1, 2006, will expire on April 2, 2007. Any password changed after August 1, 2006 will expire exactly 365 days from the date and time of change.
Will ITS send me a reminder that my password is about to expire?
Yes. When your password is within eight weeks of its expiration date, the Penn State WebAccess screen, will present a brief message stating that your password will expire and you will be prevented from authenticating (logging on) through WebAccess. You will be provided with a link to a Web form where you can make the password change. After you have successfully changed your password, access to authentication through WebAccess will be restored. Penn State WebAccess allows users to authenticate once with their respective Access Account User ID and password to a central server in order to access multiple services, without needing to re-authenticate multiple times. (For more information on WebAccess, please see https://webaccess.psu.edu/help.html.) If you are still using an old password within four weeks prior to its expiration date, weekly e-mail reminders will be sent to notify you of the impending expiration, along with instructions on how to change your password. Please note, Information Technology Services (ITS) recommends that you change your password before it expires to avoid disruption of your access to University systems and services.
How can I help facilitate Penn State's Annual Password Change Initiative?
You can help Penn State spread the word by sharing information on the Password Change Initiative with all students, faculty, and staff in your area. Encourage University community members to go to http://its.psu.edu/password/ and http://its.psu.edu/password/bestpractices.html to read about the new Penn State policy; to learn techniques for creating a strong and easy-to-remember password; and to change their password soon. Communicating this information with individuals in your department who are responsible for Web content is especially important, since all Penn State Web pages that contain information relating to Password Policy should now be designed to point to http://its.psu.edu/password/, as part of the University's Password Change Initiative.
Should I wait until my password expires to change it?
NO...don't wait! Changing your password before it expires only takes a few minutes. Simply go to http://its.psu.edu/password/ and everything you need is accessible from that page, including the new policy guidelines; an easy-to-understand FAQ; and tips for creating a strong and easy-to-remember password. If you allow your password to expire, you must reinstate it by visiting an ITS Signature Station. In addition, if you don't have access to a Signature Station, you will need to contact the ITS Accounts Services Office for assistance. For questions about the Password Change expiration procedures outlined above, please contact the ITS Help Desk at http://css.its.psu.edu/consulting/consult.html.
Will my new password allow me to access ANGEL, eLion, and Penn State e-mail?
Yes! Your new password will work just like your old password. Once your existing password has been successfully changed, you will have access to all Penn State's Internet services including the Web, e-mail, ANGEL, LIAS, eLion, University calendars, eCommerce sites, employee benefit information, research services, ITS-managed student computing labs, and more.
Are there any concerns that I should be aware of after I set up my new Access Account Password?
If you encounter problems with FTP or other applications not working with your new password, this may be because you have entered your old password within the software settings and saved the settings at an earlier time. Consequently, the old password (instead of the new one) is being used to launch the application. Check your application settings and update your password. If you need further assistance, contact the ITS Help Desk at http://css.its.psu.edu/consulting/consult.html. If you use Oracle Calendar and are having problems, go to http://its.psu.edu/password/oraclecalendar.html.
Is there anything that I should be aware of as an Oracle Calendar user, when changing my Access Account Password?
Oracle Calendar users who keep an off-line version of their calendar must change their off-line calendar password to match their Access Account password, each time their Access Account password is changed. If you use hand-held devices that sync with Oracle calendar, you must also update your password in your sync client when it is changed. Go to http://its.psu.edu/password/oraclecalendar.html for instructions on changing your off-line Oracle Calendar password and hand-held device password using SyncML/Oracle Mobile Data Sync. If your situation is not addressed at the Web site, you can contact the ITS Help Desk at http://css.its.psu.edu/consulting/consult.html for assistance.
My new password doesn't work with e-mail and some of my other software, what should I do?
Many applications allow you to save your password within the software settings, so that you don't have to enter your password each time. You most likely entered your password and saved the settings in the software, and so your old password is being used when you launch your e-mail or other application. Check the settings and update your password. If you need further assistance, contact the ITS Help Desk at http://css.its.psu.edu/consulting/consult.html. For better security, don't save your password in software settings. When a password is automatically entered, anyone who gains control of your computer or handheld device will then have access to your e-mail or any other application where you have saved your password.
Do I need to change my password if I'm traveling or on sabbatical spring semester?
Yes -- if you are traveling abroad or nationally during the spring semester, it is extremely important that you change your Penn State Access Account password before you leave campus. ITS advises individuals who are traveling to change their passwords before they leave, or risk losing their access to Penn State Internet services while they are away. If you know of individuals who will be studying abroad, on sabbatical, or on leave of absence this spring, please urge them to change their passwords today at http://its.psu.edu/password/ online.

For more questions and answers about Access Account passwords, see the FAQ.

Security Tip

To avoid disruption of access to Penn State systems and services, change your password before it expires. Here's how.

What can happen when you're careless with your password? Read these true stories to find out.