blank            Text Only
Navigation Bar Starts Here
 Sites of Interest
UW Oshkosh
Info. Technology
Academic Computing Link
Academic Comp. Staff
ACUG
blank
 Search
Web Search
E-Mail Lookup
blank
 Resources
Account Info & Policies
World Wide Web
E-Mail
Novell Accounts
UNIX
Computer Labs
Hardware and Software
Off-Campus Access
Newsletters

UW Oshkosh Link
blank
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
Academic Computing Link
Password Guidelines
Now that the University of Wisconsin Oshkosh is connected to the Internet, protecting our computer accounts is even more important. Because we are on the Internet, you can log into your UW Oshkosh computer account(s) from Florida, Texas, Japan, Sweden, etc.; but so can thousands of others if you have a easily guessed password.

If you have an account on a Novell server, or a Sun machine, please take time to make sure your account is safe from a break-in.

You may ask, "why do I care if someone logs into my account, there's nothing there anyone else would want". When someone logs into your account, the computer logs that you have logged in, whether it was you or not. If someone attempts to break into other accounts, or sends insulting messages to other people, or sends programs with a virus to others, from YOUR account, the computer logs say it is YOU doing it. See the UW Oshkosh Acceptable Use Policy for complete information about your Responsibilities and Inappropriate Usage examples.

If you're not sure if you have a computer account, or if you have questions or problems with your E-Mail password or any other UW Oshkosh system, send E-Mail to ACSHELP or phone 424-3020.

The following, taken from the Site Security Handbook Working Group, are guidelines to help with password selection:

  • DON'T use your login name in any form (as-is, reversed, capitalized, doubled, etc.).
  • DON'T use your first, middle, or last name in any form.
  • DON'T use your spouse's or child's name.
  • DON'T use other information easily obtained about you. This includes license plate numbers, telephone numbers, social security numbers, the make of your automobile, the name of the street you live on, etc.
  • DON'T use a password of all digits, or all the same letter.
  • DON'T use a word contained in English or foreign language dictionaries, spelling lists, or other lists of words.
  • DON'T use a password shorter than six characters.
  • DO use a Sun password with mixed-case letters. This does not apply on VaxA or Novell because upper and lower case letters are treated the same in usernames, passwords, filenames and commands.
  • DO use a password with non-alphabetic characters (digits or punctuation).
  • DO use a password that is easy to remember, so you don't have to write it down.
  • DO use a password that you can type quickly, without having to look at the keyboard.

Methods of selecting a password which adhere to these guidelines include:

  • Choose a line or two from a song or poem, and use the first letter of each word.
  • Alternate between one consonant and one or two vowels, up to seven or eight characters. This provides nonsense words which are usually pronounceable, and thus easily remembered.
  • Choose two short words and concatenate them together with a punctuation character between them.

You should also change your password periodically, usually every three to six months. This makes sure that an intruder who has guessed a password will eventually lose access, as well as invalidating any list of passwords they may have obtained.

How do you change your password?


This page is maintained by:
UW Oshkosh Webmaster
URL: http://www.acs.uwosh.edu/vms/pass_guide.shtml
Last updated: Tuesday, August 10, 2004 - 04:15 PM