Password Selection
Your password is a critical
element of the overall security of DOLPHIN and POBOX as well as of
other systems around campus and indeed around the Internet.
Avoid using obvious passwords.
"Good" passwords
are at least six characters long, aren't based on personal
information or words of any language in any way, and have some
nonalphabetic characters in them.
Basic password selection rules
Passwords must be at least 6, and no longer than 16, characters. Passwords may not be all uppercase or all lowercase. (Examples:
ivyleague, IVYLEAGUE, and jklasdf are not valid passwords.) Passwords may not contain your PennNet ID; username; your
first, middle, or last name; or any variation thereof. Passwords may not be derived directly from words or phrases of
any language. Embedding a number or case-shift within a word
does not make a valid password. Systematic password
guessing attacks are sophisticated and will routinely 'crack' such
passwords. (Examples: time2go, big$deal, ivyLeague, 2morrow,
money$, and Ivyleague are not valid passwords. Passwords may not be composed of all numbers. Embedding decimal
points, minus signs, or plus signs within a number does not make a
valid password.
(Example: 1-609-555-1212 is not a valid password.)
Inventing a password
Make up a sentence that's meaningful to you. Then use the first letter of
each word as a letter in your password; if you wish, add additional characters
to make it more difficult to guess.
Start with the phrase such as Orange elephants invade Alaska;
film at eleven. Take the first letter of each word as your password:
OeiAfae
(This is an acceptable password; it follows the rules but is hard for
someone to guess since it's essentially a random string of characters.)
To make the password even harder to guess, add punctuation,
numbers, and other non-alphanumeric symbols: OeiA;f@11
Users should expect that the password selection rules will get still more
strict over the course of time.
|
