Password Security

Why Should I Care About Password Security?

Your login name, or userID, allows you to access the resources and services associated with the University of Southern Indiana's network. If someone else determines your password, they would have full access to your files, your e-mail, personal information, and more. This intruder could modify or destroy your files, send threats via e-mail in your name, or subscribe to unwanted services for which you'd have to pay. A stolen user account could be utilized to expose/steal other network resources within the University. An insecure password can easily wreak havoc in your life. Therefore, all USI faculty, students, and employees (including contractors and vendors with access to USI systems) are responsible for ensuring their accounts are protected by secure passwords.

Password Restrictions/Requirements

• Password must contain at least 12 characters
• Password cannot contain your username (John Smith could not use jsmithxxx)
• Password cannot contain your first or last name
• Password must contain characters from at LEAST 3 of the 4 categories below

1. Upper Case Letters: A, B, C..
2. Lower Case Letters: d, e, f...
3. Numbers: 1, 2, 3...
4. Special Characters: ~, !, @, #, $, %, ^, &, (, ), +, <, >, ?...

GOOD Password examples:
    read#Books2me    -has uppercase, lowercase, numbers, special character and 13 characters in length
    Clown7elephant - has uppercase, lowercase, number and 14 characters in length
    wewantMORE$$ - has Uppercase, lowercase, special character and 12 characters long

 BAD Password examples:
   Basketball2    - has 3 categories, but too short in length, TOO EASY TO GUESS
   october102018 - has only 2 categories- needs uppercase or special character

Tips to create a Complex Password

• Creating a "pass phrase" is one way that helps to memorize a complex password.  example:  IHave3DogsatHome
• Put your capital letters within the text (not just at the beginning - see previous example)
• Put your numbers within the text (not just at the end - see 3 dog example)
• Use special character as your space between words: sw33t%Simple

Password Caveats (Should Not)

• Passwords should not be shared or written down. Treat your password like Kleenex, once shared with a friend don't use it again.
• Passwords should not be a word found in a dictionary (even foreign).
• Passwords should not contain any form of your name or userID. Don't use obvious passwords like "password", "guest", "user", or "admin".
• Don't use personal information, such as names of family members or pets, your date of birth, social security number, or other similar information as part of a password. Since such information may be public, you should not use it in a password, even in combination with other characters.
• Don't use common words or acronyms; spelled forwards or backwards.
• Passwords should never be a word found in a dictionary (even foreign). Instead, use two or more words joined together. Or, use a combination of words and numbers.

Protecting Yourself Against Password Loss

• DO NOT record your password on a post-it note stuck to your monitor or slid under your keyboard.
• If you have a secure location, such as a safe or a locked desk drawer, you may want to store a written copy of your passwords there. DO NOT record your userID in the same location.
• Log off your computer at the end of the day.
• Use a password-protected screen saver if you leave your computer, even for a few minutes.
• If you think your password has been compromised, change it immediately.
• Remind everyone in your work area or office to change his or her passwords if someone in the group is suddenly put on disciplinary leave, or is fired.

Writing down your password

There is a rule of thumb in the security community that one should never write down a password. Writing down a password increases the risk of it falling into the wrong hands. However, the practice this document suggests is such that it is often difficult to remember a password. The requirement for remembering more than one password further complicates the situation. If this is the case, then you could record them, but make sure that they are stored in a secure place - white boards, sticky notes on your monitor, and under your keyboard are not considered secure. Passwords should never be recorded with your userID as you would never record your pin number on your bankcard.

Forgotten Passwords

If you have forgotten or are having difficulty with your password, click here for assistance.

If you should have any questions regarding these services, please contact our Help Desk at (812) 465-1080 or by clicking the Contact us link in the top right of this page.