CSD News Update

New Password Policy

(Updated 01/17/2007)

 

On February 1st, USCA will begin requiring “complex” passwords on all computer systems attached to the USCA network and will require that these passwords be changed every 180 days.  These more stringent rules are being implemented after consultation with the Campus Technology Committee and match the requirements that USC Columbia has recently implemented for several of their systems.

 

In order to equalize the helpdesk workload, these new rules will be phased in using the following schedule:

 

Feb 1, 2007: Faculty/Staff with last names beginning with A through J

Feb 2, 2007: Faculty/Staff with last names beginning with K through Z

Feb 5, 2007: Students with last names beginning with A through B

Feb 6, 2007: Students with last names beginning with C through H

Feb 7, 2007: Students with last names beginning with I through K

Feb 8, 2007: Students with last names beginning with L through Q

Feb 9, 2007: Students with last names beginning with R through Z

 

The first time a user attempts to use their computer on or after their implementation date, they will be required to change their current password to one that meets the “complex” password rules before they can continue to log into the system.  Even if a user already uses a complex password, they will still need to enter a new password.

 

A “complex” password consists of a minimum of eight characters and must include three of the following four character sets:

 

  1. Upper case letters
  2. Lower case letters
  3. Numbers
  4. Special characters such as $, =, (, etc.

 

Here are some hints on how to create “complex” passwords that you can remember.

 

  1. Choose a line or two from a song or poem, and use the first letter of each word. For example, “Whoa! I feel good, I knew that I would, now” becomes “WIfgIktIwn”.  You would need to add a number or special character such as an exclamation point or comma in order to meet the “complex” requirement.  In the same vein, “Sixteen tons and what do I get” becomes “16tawdIg”.

  2. Slightly modify the street address where you grew up: “MainSt125”.

  3. Use the initials of your children/grandchildren, along with the number:  “Mntnjnbn4”.

  4. Use a word or phrase relating to a hobby: “I like to play with my three old cars” becomes “Iltpwm3oc”.

  5. Alternate between one consonant and one or two vowels with mixed upper/lower case. This provides nonsense words that are usually pronounceable, and thus easily remembered. For example: “roUtboo” or “quADpop”.  Again, you will need to add a special character or number to make it complex.

  6. Choose two short words and concatenate them together or split up a long word with punctuation characters between them. For example: “dog+F18” or “comP!!UTer”.

  7. Use the first letter of a phrase that you would easily remember, using numbers and symbols if possible.  For example, “I love to eat vanilla ice cream” becomes “Il2evic”.

 

Attackers and programs that try to break into your account know a large number of "frequently used" passwords. Here are some guidelines to avoid guessable passwords:

 

  1. Don’t use your login name in any form (as-is, reversed, capitalized, doubled, with a prefix, with a suffix...).

  2. Don’t use in any form your first or last name and, more generally, any information easily obtained about you. This includes car license plate numbers, telephone numbers, insurance numbers, the brand of your car, the name of the street you currently live on, the name of your spouse or of your children.

  3. Don’t use a word contained in any dictionary of any language, spelling lists, or other lists of words (acronyms, sequences of letters like “abcdef” or “qwerty”, place names, car names, cartoon heroes...).

  4. Don’t assume the same strong password should be used for every system or program you log into. If an attacker does guess it, he would have access to all of your accounts.
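The complexity rule and the login-name guideline above can be expressed as a short check. The following Python is an added example, not part of the original announcement or of USCA's systems; the function names, the treatment of any character that is not a letter or digit as "special", and the login name `jsmith` are assumptions.

```python
import string

MIN_LENGTH = 8          # "a minimum of eight characters"
REQUIRED_CLASSES = 3    # "three of the following four character sets"

def character_classes(password):
    """Return the names of the character sets that appear in the password."""
    classes = set()
    for ch in password:
        if ch in string.ascii_uppercase:
            classes.add("upper")
        elif ch in string.ascii_lowercase:
            classes.add("lower")
        elif ch in string.digits:
            classes.add("number")
        else:
            classes.add("special")  # assumption: everything else is "special"
    return classes

def check_password(password, login):
    """Return a list of rule violations; an empty list means the password passes."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("too short")
    if len(character_classes(password)) < REQUIRED_CLASSES:
        problems.append("too few character sets")
    # As-is, reversed, capitalized, doubled, prefixed and suffixed forms all
    # reduce to a case-insensitive substring match on the name or its reverse.
    name = login.lower()
    lowered = password.lower()
    if name and (name in lowered or name[::-1] in lowered):
        problems.append("contains login name")
    return problems

# Sample passwords quoted in the hints above, plus one constructed password
# built from the reversed login; "jsmith" is a constructed login name.
SAMPLES = ["WIfgIktIwn", "16tawdIg", "MainSt125", "Mntnjnbn4", "Iltpwm3oc",
           "roUtboo", "quADpop", "dog+F18", "comP!!UTer", "Il2evic",
           "htimsJ!2007"]

if __name__ == "__main__":
    for pw in SAMPLES:
        result = check_password(pw, "jsmith")
        print(f"{pw:12} {'OK' if not result else ', '.join(result)}")
```

Run against the sample passwords from the hints, the check reports “dog+F18” and “Il2evic” as seven characters long, so each needs one more character to meet the eight-character minimum.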

 

You can find numerous other examples of “complex” passwords and hints by doing a search on the internet.

 

I realize that these new rules will require you to change the way you currently handle passwords, but this slight inconvenience provides significantly more security and protection for our entire network. 

 

Additional information on these changes can be found at:  http://www.usca.edu/helpdesk/passwords.asp

 

Mike

 

Mike Lemons

Vice Chancellor for Information Technology

University of South Carolina Aiken

(803) 641-3345

mikel@usca.edu

www.usca.edu