Office of Information Technology ISU A-Z Calendar MyISU Search Indiana State University

Strong passwords have the following characteristics:

Contain both upper and lower case characters (e.g., a-z, A-Z)

Are at least eight alphanumeric characters long.

Is not a word in any language, slang, dialect, jargon, etc.

Are not based on personal information, names of family, etc.

Passwords should never be written down or stored on-line. Try to create passwords that you can easily remember.

Weak passwords have the following characteristics:

The password contains less than eight characters

The password is a word found in a dictionary (English or foreign)

The password is a common usage word such as: names of family, pets, friends, co-workers, fantasy characters, etc.

Computer terms and names, commands, sites, companies, hardware, software.

Contain words like "Indiana State University", "ISU", "indstate" or any derivation.

Have birthdays and other personal information such as addresses and phone numbers.

Word or number patterns like aaabbb, qwerty, zyxwvuts, 123321, etc.

Any of the above preceded or followed by a digit (e.g., secret1, 1secret)

Password Protection Standards

Do not use the same password for Indiana State University accounts as for other non-Indiana State University access (e.g., personal ISP account, option trading, benefits, etc.).

Do not share Indiana State University passwords with anyone, including administrative assistants or secretaries. All passwords are to be treated as sensitive, confidential Indiana State University information.

Here is a list of "dont's":

Don't reveal a password over the phone

Don't reveal a password in an email message

Don't talk about a password in front of others

Don't hint at the format of a password (e.g., "my family name")

Don't reveal a password on questionnaires or security forms

Don't share a password with family members

Don't reveal a password to co-workers while on vacation

If someone demands a password, refer them to this document or tell them contact the Help Desk at x2910.

Never use the "Remember Password" feature of applications (e.g., Internet Explorer, Eudora, OutLook, Netscape Messenger).

Do not write passwords down and store them anywhere in your office.

Do not store passwords in a file on any computer system (including Palm Pilots or similar devices) without encryption.

Change passwords at least once every 180 days (except system-level passwords which must be changed quarterly)