INTRODUCTION

Passwords play an important role in information and network security. Passwords are used to protect user accounts, University systems and data. However, a weak password has the potential to compromise the security of a computer system and, in a worst case scenario, could put the entire network at risk.

 

 

GENERAL

Your password, combined with your username, provides accountability for:

account logon and logoff

modifications made to system data and resources

 

Thus, sharing your password with friends could result in persons gaining unauthorised access to resources. If any illegitimate changes are made to these resources you, the owner of the account, may be held responsible.

 

Additionally, your password should never be the same as your username or student/staff ID.

 

PASSWORD CREATION GUIDELINES

A good password is relatively easy to remember but hard for someone else to guess. There are a number of techniques for creating secure passwords. Listed below are some guidelines and examples:

• Passwords should be changed every 90 days.
• Old passwords should not be reused for a period of 9 months.
• Passwords should not be based on personal information. Personal information includes names, login ID, birthdays, phone numbers etc.
• Passwords should contain at least 6 characters. Passwords should fulfil the complexity requirements. They should contain at least 2 of the following: a capital letter, a number or a special character.
• Passwords should not be words found in the dictionary (English or foreign) or publicly known jargon or slang.
• Passwords should not be based on publicly known characters from books, films or television.
• Passwords should not be based on a company’s name or geographic location. Passwords should not be trivial, predictable or obvious.

EXAMPLES: TECHNIQUES FOR CREATING PASSWORDS

1. Use a word with additional characters included.
   Examples: @n$W3r!, M0n+D4y, Br!dg3*t0Wn
2. Drop vowels or keep the first 6 letter of a long word or two words.
   Examples: security => se*cu!r : clean desk => cLn#1dsK
3. Combine two short unrelated words, an arbitrary special character and a number. [word1, special character, word2]
   Examples: [pants, &, phone] => P@nt$&pH0n3 : [oxen, 4, sky] => 0xEn4$kY
   
   IMPORTANT: [car, |, wheel] => c@R|Wh33L would be considered a bad example since they could be considered closely related.

 

 

PASSWORD RULES

 

• Refrain from giving your passwords to others
• Don’t use only letters or only numbers within your password – remember to incorporate special characters and numbers
• Do not write your password on post-its and stick them on your monitors or under your keyboards. This is an insecure practice. Take the time to learn and memorise your password. If they must be written, store them in a safe(r) place such as your handbag or your wallet.
• Do not use passwords which are presented in documents such as this one. These passwords can now be regarded as public and could be added to a rainbow dictionary.
• Refrain from using keyboard sequences such as qwerty, asdfg or qazwsx etc