skip to primary navigationskip to content

College Password Policy

Why we need a strong password

In a recent study of passwords, the top 10,000 most commonly used passwords were used by 98.8% of all users.  Of the top 1,000 passwords 91% were used by all users.

 

Some examples of using a standard desktop PC to brute force guess your password:

Password Time to guess
charlie or Charlie

Instantly  (in Top 50 of most used passwords)

Charlie1

Instantly  (in Top 1,040 of most used passwords)

Ch4rl13

14 minutes

Charlie65

39 days

Charlie1965

412 years

Charlie1965=

344,000 years

Charlie1965=!=

2 billion years

 

This demonstrates how appending a few extra characters that can be easy to remember can dramatically protect your password from brute force attacks. 

However the passwords above also highlight a problem with using a name and date in your password - it passes the complexity rules and appears to take a long time for brute force guess, but with a little knowledege about who you are trying to hack it can make it trivial to do too. 

For the above if one of my names or family members names were Charles and there was a family birthday in 1965 a good hacker would use this information to target likely passwords before random ones.  Guessing Charlie1965 would become trivial...

 

College Password Policy

Minimum Password Length 9 characters  (14 or more would be ideal)
Complexity Requirements

Passwords must not contain any part of your Account Name.  i.e. for say Fred Bloggs, using either "Fred" or "Bloggs" in your password will be disallowed.

Passwords must contain characters from three of the following five categories: 

  • Uppercase characters of European languages (A through Z, with diacritic marks, Greek and Cyrillic characters)

  • Lowercase characters of European languages (a through z, sharp-s, with diacritic marks, Greek and Cyrillic characters)

  • Base 10 digits (0 through 9)

  • Nonalphanumeric characters: ~!@#$%^&*_-+=`|\(){}[]:;"'<>,.?/

  • Any Unicode character that is categorized as an alphabetic character but is not uppercase or lowercase. This includes Unicode characters from Asian languages
Password History You cannot use your current or last used password again
Logon Attempts After 5 unsuccessful logon attempts your account will be locked and you will need to contact the IT Dept to have it unlocked.
Unique Passwords

Please do not use the same or a similar password that you use for Raven.

Please do not use the same or a similar password that you use for any of your home computers.

Please do not use the same or a similar password that you use for any online accounts - ie. Bank Account, Amazon, Google, etc.,

 

Stuck for a password?

try: http://tools.arantius.com/password

or use a short sentence

What to do  Example
Start with a short sentence thats special to you  I want a strong password
Remove the spaces between the words  Iwantastrongpassword
Add odd capitals and mis-spell or use shorthand  IwntAstrONGpasswd
Add numbers that are meaningful but not your birthday  IwntAstrONGpasswd28

 

or you can start with a longer sentence or phrase

What to do Example
Start with a long sentence thats special to you  All I want for Christmas is a really strong password
Remove the spaces between the words  AIwfCiarsp
Add special characters or numbers  AIwfCiarsp25?

 

 

 From: http://xkcd.com/936/