One Step Ahead: Perfecting PennKey Passwords

April 26, 2011, Volume 57, No. 31

Another tip in a series provided by the Offices of Information Systems & Computing and Audit, Compliance & Privacy.

On March 29, the minimum length for new PennKey passwords was increased from six characters to eight characters, to make it more difficult for hackers using password-cracking tools to guess passwords. If you currently have a six- or seven-character password, we strongly recommend that you set a longer password now. The direct link for changing a known PennKey password is https://weblogin.pennkey.upenn.edu/changepassword

To construct a long (and therefore stronger) password that you can remember, try this:

• Think of a phrase that has special meaning only to you or, conversely, one that no one would suspect has any meaning to you: Chester Arthur was the twenty-first President of the United States!

• Take the first letter of each word (maintaining case) to “assemble” your password: CAwttfPotUS. This is a pretty strong password, and not hard to remember if you keep the source phrase in mind.

• You can make it even stronger by including the punctuation and “tweaking” it a little: CAwt21stPOTUS! Of course, since that password is published here, don’t use it as your password!

Now, to protect your password:

• DON’T share it with anyone—this violates Penn’s Policy on Acceptable Use of Electronic Resources.

• DON’T write it down and post it somewhere (like on your monitor or under your keyboard).

• DON’T send it in email. No one at Penn should ever ask you for your PennKey password.

• DON’T type it into a web site that you visit after clicking on an unsolicited link.

It may be difficult to remember a password if you use your PennKey infrequently, and resetting a forgotten password is more problematic if you are rarely on campus or travel frequently. In these cases, you may wish to enroll in Challenge-Response. This option allows you to reset your password quickly online without first obtaining a PennKey Setup Code. However, if you regularly access sensitive University data, you should NOT enroll in Challenge-Response.

For information about Challenge-Response and passwords, visit the PennKey web site at www.upenn.edu/computing/pennkey


For additional tips, see the One Step Ahead link on the Information Security website: www.upenn.edu/computing/security/



