Passwords are essential in IT security. Often, they are the first level of protection for your resources. A weak password can result in compromise of University IT Resources, University data, and personal data.
Password Requirements at PNW
Passwords or accounts should never be shared with anyone, including trusted friends or family. Purdue IT staff will never ask for your password in any manner! You are responsible for your account and any actions performed using it.
Passwords for University IT Resources must comply with the following standards:
- Passwords must contain at least 1 letter.
- Passwords must contain at least 1 number or punctuation mark.
- Passwords must be between 8 and 16 characters long.
- Passwords must contain more than 4 unique characters.
- Passwords must not contain easily guessed words (e.g., Purdue, itap, boiler).
- Passwords must not contain your name or parts of your name (e.g., Bill, Julie, Bob, or Susan).
- New passwords must be different than the previous password (re-use of the same password will not be allowed for one (1) year).
Your password will expire after 180 days! Depending on account permissions, passwords might expire every 90 days.
Too often, you are expected to create utterly random, complicated passwords with special characters and lots of restrictions.
The net result is ALWAYS a reduction in security because most people will write such a complicated password down in order to remember it.
Goal: Create a password that is easy to remember, but hard for anyone else to guess.
Purdue recommends using the following method for creating a password:
- Pick a phrase that is easy for you to remember, but that no one else will think about attributing to you. For example:
pass phrase: “My Wife’s Birthday Is April Twenty-Fifth Nineteen Sixty Six”
pass phrase: “Four score and seven years ago our fathers brought…”
pass phrase: “It was a dark and stormy night.”
- Use the first letter of each word in the phrase to form an abbreviation. For example:
m – My
w – Wife’s
b – Birthday
i – Is
a – April
t – Twenty-
f – Fifth
n – Nineteen
s – Sixty
s – Six
abbreviated pass phrase: mwbiatfnss
abbreviated pass phrase: foscanseye (the first 2 letters of each word)
abbreviated pass phrase: iwadasn
- For added security (and usually as a requirement), change one or more of the letters into numerals and/or add punctuation to reach your new password. For example:
password: mwbi4tfns6 (“a” for “April” becomes “4”, because April is the fourth month; “s” for “six” becomes “6”)
password: 4scan7ye (“fo” for “four” becomes “4” and “se” becomes “7”)
password: Iwad&sn! (“i” becomes “I”; “a” for “and” becomes “&”; added “!”)
Any of these passwords would be easy for you to figure out, but would be a nightmare for a password cracker.
The idea in this method is not that the password itself is easy to remember, but that the process that you go through to arrive at it is so simple that you find yourself re-creating the same password with the process without even thinking about it.
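The content standards listed earlier can be checked mechanically before a password is submitted. The Python sketch below is an added example, not Purdue's own code: it checks a candidate against those rules and runs the three example passwords from this page through it. The function name, the short word list, the minimum name-fragment length and the sample name "Julie Example" are assumptions made for illustration.

```python
import re
import string

# Assumption: the page names only three "easily guessed words"; a real
# deployment would use a much larger list.
GUESSABLE_WORDS = ("purdue", "itap", "boiler")
MIN_NAME_PART = 3  # assumption: ignore name fragments shorter than this


def check_password(password, full_name="", previous_password=None):
    """Return a list of rule violations; an empty list means it passes."""
    problems = []
    lowered = password.lower()

    if not any(c.isalpha() for c in password):
        problems.append("needs at least 1 letter")
    if not any(c.isdigit() or c in string.punctuation for c in password):
        problems.append("needs at least 1 number or punctuation mark")
    if not 8 <= len(password) <= 16:
        problems.append("must be 8 to 16 characters long")
    # Assumption: upper and lower case count as different characters.
    if len(set(password)) <= 4:
        problems.append("needs more than 4 unique characters")
    for word in GUESSABLE_WORDS:
        if word in lowered:
            problems.append(f"contains easily guessed word: {word}")
    # Split the name on anything that is not a letter, e.g. "Julie O'Brien".
    for part in re.split(r"[\W\d_]+", full_name.lower()):
        if len(part) >= MIN_NAME_PART and part in lowered:
            problems.append(f"contains part of your name: {part}")
    # Only the immediately previous password is compared here; the one-year
    # reuse window needs the account system's password history.
    if previous_password is not None and password == previous_password:
        problems.append("must differ from the previous password")
    return problems


if __name__ == "__main__":
    # The three example passwords from this page, then constructed failures.
    samples = ["mwbi4tfns6", "4scan7ye", "Iwad&sn!",
               "Boiler2024", "aaaa1111", "julie&sn!9"]
    for pw in samples:
        result = check_password(pw, full_name="Julie Example")
        print(f"{pw!r}: {result or 'OK'}")
```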
If you have any questions, please contact email@example.com. Information Security Services will provide more information on various cyber security topics.
Always report suspicious content to firstname.lastname@example.org. Information Security Services will review the submissions and take appropriate actions to protect PNW data.