Password Change Procedure
Using Strong Passwords
A password is a string of characters used for user authentication to allow or disallow to gain access to a resource, which is kept secret from those not allowed to access. There are numerous programs that attempt to determine passwords, both by guessing common passwords and by randomly generating possibilities and trying them all, or a combination of the two. That’s why it is important to have a strong password.
A strong password is a combination of numbers, uppercase letters, lowercase letters, and if possible, special characters (such as [email protected]#$%^&,*). This makes the password nearly impossible to guess in a reasonable amount of time, and ensures that all the hard work you put into keeping your machine well-defended does not go to waste. The longer the password, the harder it is to guess.
Of course, as passwords get closer to random numbers and letters, they also become more difficult to remember, but that doesn't mean that you have to choose a weak password either.
Remember: If you think there's a chance that someone else has seen your password, make sure you change it immediately.
Guidelines for Creating Strong Passwords
A strong password is designed to be complex and therefore difficult to guess or crack.
Choose a password that fits the following rules:
- The password must be at least 8 characters long without any whitespaces.
- The password should contain at least one character from three of the following four groups:
- The use of upper-case alphabetical letters (A – Z)
- The use of lower-case alphabetical letters (a – z)
- Inclusion of one or more numerical digits (0 – 9)
- Inclusion of special characters, such as ., ;, &
- Exclude using special character ! in your password
- The password must be unique, not used previously on another account or service.
- The password can not be part of your username, or name, or simple dictionary words.
- Longer passwords (or "passphrases") can be formed using a phrase or sentence. They are easy for you to remember, but difficult for others to guess.
- A short phrase or sentence is often easier to remember.
Other Important Password-Related Guidelines
- Your account is your responsibility. Do not share your password with others, including technicians. Lamont IT and/or CUIT staff will never ask for your password.
- Do not choose a password that is based on personal information that someone who knows you may be able to guess.
- Do not use your username (first part of your email before @ sign) or your name/department name as your password
- Do not use your LDEO username and password for access to third-party systems (e.g., online shopping, newspapers, travel websites)
- Avoid letting software save or store your passwords. Not only will you increase the chance that someone will be able to access data on your computer or personal information, but you will be more likely to forget the password if you do not type it in regularly.
- Always log out of programs or websites and close your browser (i.e., Internet Explorer, Firefox or Chrome) when you are done working, especially on public computers.
- Protect your passwords and treat them as valuables.
Never share your password with anyone not even a relative or colleague. If another person has your password, they can, for all computer purposes, be you. This extends far beyond simply reading your email. At Lamont, this would also include sending email as you, gaining access to your sensitive financial or health information, and is considered a serious policy violation. It is just not a smart thing to do anywhere.
It's very important to use different passwords for different systems. This limits the damage a malicious person can do should a password fall into the wrong hands. Everyone understands that it's nearly impossible to memorize a different strong password for each service you need to log in to. It's a good idea to have a set of four or five very strong passwords that you use on different systems.
Do everything you can to memorize your passwords, but if, for some reason, you absolutely must write down a password, always keep the note with you or in a locked file, and do not write down the corresponding ID.