Password Security

Passwords play a critical role in the security of University data. It is important for your password to be sufficiently complex that it is not easily guessed by others or easily cracked with a password cracking program. Passwords to critical administrative systems such as Jenzabar, Raiser’s Edge, PowerFAIDs and EMAS should be treated with particular care. Below are guidelines relating to password security that IT Services recommends for all users. They should be followed for all University password protected systems.

Passwords must:

• Be at least 8 characters in length
• Contain 3 of the following 4 character types
• Upper case
• Lower case
• Number
• Symbol
• Be changed at least every 6 months

Why are these requirements important? As an illustration, a 5 character password containing only lower case characters can be cracked by a password cracking program in approximately 2 minutes. A password that meets the criteria above will generally take 70 years to crack under the same circumstances.

NOTE : The following directions apply to Selwyn Campus users connected to our Novell server. Remote campus users such as PSN will need to contact IT Services for help changing passwords.

How to Change Your Password in Windows 2000/XP

1. Hit the Ctrl-Alt-Del keys on your keyboard simultaneously.
   
2. Click the Change Password button.
3. Highlight both the QCS and the Queens resource on the left hand side of the window
   
4. Type in your old and new passwords.

By selecting both the QCS (Windows Domain) and Queens (Netware)resources you can change both of these passwords at once while keeping them synchronized.

Changing Other Passwords :

Administrative systems such as the Jenzabar can house some of the most sensitive data. Access information for these systems should be among the most securely guarded. For the Administrative systems below, contact the party listed to the right to implement a password change.

For Raiser’s Edge:

• Login to your RE account.
• At the top open the EDIT menu and select CHANGE PASSWORD.

Tips for Choosing a Secure and Easy to Remember Password

1. Substitute numbers and special characters for letters in words.

For example:

• 1= “i”
• 2 = “to”, “too”, ”two”
• 3 = “e”
• 4 or @ = “a”
• 5 or $ = “s”
• & = “and”
• 8 = “ate”* = “star”
• @ = “at”
2. 2. Use punctuations, including mathematical operation with words or between words.
3. 3. Choose a line from a song, a poem or a movie title and use the first letter of each word
4. 4. Use short phrases and intentionally misspell words.

Other Do’s and Don’ts of Password Security

• Do come up with a way to help you remember your passwords.
• Do use a password with non-alphabetic characters like digits, symbols or punctuation.
• Do change your password periodically.
•  Don’t use your login name, first name, last name, spouse’s name or child’s name in any form in your password.
• Don’t use your birthday, a family member’s birthday, your social security number, street address number or telephone number in your passwords.
• Don’t use a word contained in the English language (a dictionary word.
• Don’t use a password shorter than 8 characters.
• Don’t share your user account passwords with anyone.
• Don’t write your password on a piece of paper and stick it to your monitor or other obvious place.
• Don’t leave your machine logged in and unattended. This poses a security risk against which no password can protect.
• Don’t sign up for online services or non-queens accounts using your Queens login credentials.