Print This Issue

One Step Ahead:Perfecting PennKey Passwords

April 26, 2011, Volume 57, No. 31

Another tip in a series provided by the Offices of Information Systems & Computing and Audit, Compliance & Privacy.

Perfecting PennKey Passwords

On March 29, the minimum length for new PennKey passwords was increased from six characters to eight characters, to make it more difficult for hackers using password-cracking tools to guess passwords. If you currently have a six- or seven-character password, we strongly recommend that you set a longer password now. The direct link for changing a known PennKey password is https://weblogin.pennkey.upenn.edu/changepassword

To construct a long (and therefore stronger) password that you can remember, try this:

• Think of a phrase that has special meaning only to you, or conversely that no one would suspect would have any meaning to you: Chester Arthur was the twenty-first President of the United States!

• Take the first letter of each word (maintaining case) to “assemble” your password: CAwttfPotUS   This is a pretty strong password, and not hard to remember if you keep the source phrase in mind.

• You can make it even stronger by including the punctuation and “tweaking” it a little: CAwt21stPOTUS! Of course, since that password is published here, don’t use it as your password!

Now, to protect your password:

• DON’T share it with anyone—this violates Penn’s Policy on Acceptable Use of Electronic Resources.

• DON’T write it down and post it somewhere (like on your monitor or under your keyboard).

• DON’T send it in email. No one at Penn should ever ask you for your PennKey password.

• DON’T type it into a web site that you visit after clicking on an unsolicited link.

It may be difficult to remember a password if you use your PennKey infrequently, and resetting a forgotten password is more problematic if you are rarely on campus or travel frequently. In these cases, you may wish to enroll in Challenge-Response. This option allows you to reset your password quickly online without first obtaining a PennKey Setup Code. However, if you regularly access sensitive University data, you should NOT enroll in Challenge-Response.

For information about Challenge-Response and passwords, visit the PennKey web site at www.upenn.edu/computing/pennkey


For additional tips, see the One Step Ahead link on the Information Security website: www.upenn.edu/computing/security/



Almanac - April 26, 2011, Volume 57, No. 31