PennKey Password Rules
Passwords must be:
Password must NOT be:
- All uppercase or all lowercase. (Examples: ivyleague, IVYLEAGUE, and jklasdf are not valid passwords.)
- Your PennKey username; your first, middle, or last name; or any variation thereof.
- Based on a dictionary word.
- "Dictionary" does not simply mean a standard English language dictionary — it also includes foreign language dictionaries and all kinds of specialized dictionaries that hackers use to crack passwords.
- Embedding a number or case-shift within a word does not make a valid password. Systematic password guessing attacks are sophisticated and will routinely 'crack' such passwords. (Examples: time2go, big$deal, ivyLeague, 2morrow, money$, and Ivyleague are not valid passwords.
- Composed of all numbers. Embedding decimal points, minus signs, or plus signs within a number does not make a valid password. (Example: 1-609-555-1212 is not a valid password.)
Selecting a Strong Password
- Think of a phrase that has special meaning only to you, or conversely that no one would suspect would have any meaning to you. It can even be non-sensical, such as:
Orange elephants invade Alaska; film at eleven!
- Take the first letter of each word (maintaining case) to
"assemble" your password, and include punctuation:
This is a pretty strong password, and not hard to remember if you keep the source phrase in mind. You can make it even stronger by "tweaking" it a little by use of substitution:
Of course, since that password is published here, don't use it as your
password! For additional guidance, see Managing Passwords and Passphrases.
Last updated: Wednesday, October 2, 2013