Why do I need a password?

At Missouri S&T, your Single Sign-on (SSO) User ID and password allows you access to the following computing resources:

• Email
• Login to campus-standard installed systems on campus (Windows or Mac)
• The UMSystem MIS Web tools
• The Help Request System
• Remote connections to campus Unix/Linux machines
• FTP access
• PeopleSoft
• Other UM/Missouri S&T resources that require you to authenticate

Note that all of the above computing resources can be accessed by a SINGLE password. Not every user will have access to all of the resources above. Since your SSO User ID allows you access to so many resources, it is important that Information Technology can verify that you are the one person authorized to use a given resource.

All university passwords must conform to the following standards.

Missouri S&T Password Standards

Passwords must:

• Be 8 - 26 characters long
  • Missouri S&T's password management tools cannot handle a larger password and the UM System has mandated that all UM campuses have passwords that are at least eight characters long.
  • More is better. With eight characters, there are approximately 4 quadrillion possible passwords.
  • Each additional character beyond eight increases the number of potential passwords by a factor of 72.
• Contain characters from each of the following four groups:
  • uppercase letters (A, B, C, ...)
  • lowercase letters (a, b, c, ...)
  • numerals (0 - 9)
  • symbols (? . , _ - ~ + = $ ! ) -- only these symbols are allowed.
• Be significantly different from any previous passwords (don't use sequential passwords)
• Not contain any part of your name or SSO User ID
  • It important that your password should be completely different from any part of your name or SSO User ID.
  • The more randomness you can put into your password, the more secure it becomes (although a completely random string is difficult to remember).
• Not be a common word or name
  • A word that is commonly found in the dictionary is easy for a password-cracking utility to guess.
  • Most password-cracking tools can quickly scan through the dictionary (forwards and backwards) to try all words in the English language (or even another language - avoid foreign words for the same reason).

DOs and DON'Ts of password security

DO have a password.

Having a password is essential in maintaining information security. You do not want unauthorized people to read your personal e-mail, browse through sensitive files, or tamper with your homework assignments.

DO make passwords difficult to guess.

Anyone who knows you has a chance of guessing your password. Use a password that is totally obscure to everyone but you.

DO change your password frequently.

Passwords need to be changed regularly to prevent anyone from stealing them. Every few months, you should make sure that you have changed your password. Your new password should never be the same as any of your last eight passwords. Each new password should be unique enough so that it has no connection to the previous password.

DO store passwords securely.

While the ultimate in password security is to never write it down, if you have multiple accounts with different passwords, or you use an account infrequently, you might feel the need to write it down. If you write it down, keep it in a very secure location. A locked strongbox, desk drawer, or cabinet is a good place, as long as you are the only one with the key or combination. Passwords should never be stored electronically.

DO use multiple passwords for different accounts, systems, and applications.

Your SSO User ID and password is designed to grant you access to a number of computing resources. However, the same is not true for other locations around the Internet. In particular, if you have accounts set up in various places around the Internet (for example, shopping cart accounts at various vendors), then use a different SSO User ID and password for each one. If a hacker gained access to one password that controlled access to multiple accounts, then that hacker could cause serious mischief. If multiple passwords are used for multiple accounts, then the security risk is much less.

DON'T share your password with others.

Your University SSO User ID and password is for YOU. No one else should ever be allowed to access a university machine with your SSO User ID and password. If you let your friend login to your account and they forget to logout, then the door is wide open for someone else to come along and mess up your account (intentionally or unintentionally). This applies in general, not just to university  machines. DON'T SHARE YOUR PASSWORD!

DON'T leave your password where others can find it.

People have a tendency to write down passwords on post-it notes and leave them on their desks. Keep prying eyes away from your password. Do not write down your password on a post-it note and attach it to your computer monitor. (And yes, some people have been known to do this!)

You may now change your password by visiting the Change your account password page!

All IT policies and procedures are subject to annual review.