- 8 - 26 characters long
- With eight characters, there are approximately 4 quadrillion possible passwords.
- Each additional character beyond eight increases the number of potential passwords by a factor of 72.
- Contain characters from each of the following four groups:
- uppercase letters (A, B, C, ...)
- lowercase letters (a, b, c, ...)
- numbers (0 - 9)
- symbols (? . , _ - ~ + = $ ! ) -- only these symbols are allowed.
- Be significantly different from any previous passwords (don't use sequential passwords)
- Not contain any part of your name or username
- It important that your password should be completely different from any part of your name or username.
- The more randomness you can put into your password, the more secure it becomes (although a completely random string is difficult to remember).
- Not be a common word or name
- A word that is commonly found in the dictionary is easy for a password-cracking utility to guess.
- Most password-cracking tools can quickly scan through the dictionary (forwards and backwards) to try all words in the English language (or even another language - avoid foreign words for the same reason).
If you have trouble using the above tool to update your password, please contact the IT Help Desk at 573-341-4357 (HELP) and someone can help you over the phone.
Why do I need a password?
At Missouri S&T, your username and password allows you access to the following computing resources:
- Login to campus-standard installed systems on campus (Windows or Mac)
- The UMSystem MIS Web tools
- The Help Desk Ticket Request System
- Remote connections to campus Unix/Linux machines
- File Transfer Protocol access
- Other University of Missouri/Missouri S&T resources that require you to authenticate
Note that all of the above computing resources can be accessed by a SINGLE password. Not every user will have access to all of the resources above. Since your username allows you access to so many resources, it is important that Information Technology can verify that you are the one person authorized to use a given resource.
DOs and DON'Ts of password security
- DO have a password.
- Having a password is essential in maintaining information security. You do not want unauthorized people to read your personal email, browse through sensitive files, or tamper with your homework assignments.
- DO make passwords difficult to guess.
- Anyone who knows you has a chance of guessing your password. Use a password that is totally obscure to everyone but you.
- DO change your password frequently.
- Passwords need to be changed regularly to prevent anyone from stealing them. Every few months, you should make sure that you have changed your password. Your new password should never be the same as any of your last eight passwords. Each new password should be unique enough so that it has no connection to the previous password.
- DO store passwords securely.
- While the ultimate in password security is to never write it down, if you have multiple accounts with different passwords, or you use an account infrequently, you might feel the need to write it down. If you write it down, keep it in a very secure location. A locked strongbox, desk drawer, or cabinet is a good place, as long as you are the only one with the key or combination. Passwords should never be stored electronically.
- DO use multiple passwords for different accounts, systems, and applications.
- Your username and password is designed to grant you access to a number of computing resources. However, the same is not true for other locations around the Internet. In particular, if you have accounts set up in various places around the Internet (for example, shopping cart accounts at various vendors), then use a different username and password for each one. If a hacker gained access to one password that controlled access to multiple accounts, then that hacker could cause serious mischief. If multiple passwords are used for multiple accounts, then the security risk is much less.
- DON'T share your password with others.
- Your University username and password is for YOU. No one else should ever be allowed to access a university machine with your username and password. If you let your friend login to your account and they forget to logout, then the door is wide open for someone else to come along and mess up your account (intentionally or unintentionally). This applies in general, not just to University machines. DON'T SHARE YOUR PASSWORD!
- DON'T leave your password where others can find it.
- People have a tendency to write down passwords on post-it notes and leave them on their desks. Keep prying eyes away from your password. Do not write down your password on a post-it note and attach it to your computer monitor. (And yes, some people have been known to do this!)
You may now change your password by visiting the Change your account password page!
Note: All IT policies and procedures are subject to annual review.