University of Michigan - Flint

Awareness Campaign - Computer Security 101

Password Security

First, don't use your UM-Flint LAN password or your UMICH (Ann Arbor or Kerberos) password for other accounts.  Use different passwords for all your accounts. Password management software like Password Safe™ (http://passwordsafe.sourceforge.net/) stores all your passwords in an encrypted form and makes using multiple passwords and/or completely random passwords more practical.

Never write your password where anyone can read it—including an unencrypted file on your computer. If your laptop were to be stolen or compromised, not only would you lose your passwords, they would be accessible to anyone searching your files. 

Follow these guidelines for creating a secure UMICH password: 

  • Select a unique password — not one you are using or have used elsewhere. Do not use a PIN or a password used for other computing accounts like AOL or Hotmail.
  • Use at least nine characters containing a mix of upper- (capital) and lower-case letters, numbers, and common punctuation. However, do not use a forward slash (/) or a space.
  • Random capitalization, numbers, and common punctuation always improve a password. The more varied the character set, the shorter the password can be, but please use at least nine characters.
  • The best passwords are made up. (Of course, don't use any examples shown here.)
    • Use the first letter of words in a phrase and include numbers and punctuation; for example, “Do you know the way to San Jose on US-12?” becomes “DyktwtSJoUS-12?”
    • Create a nonsense phrase like “!bunca*dinckDOc?”

Very Bad Ideas for Any Password:

  • Do not use any normal sequence of numbers or letters, including keyboard sequences.
  • Do not use words found in any dictionary, regardless of language. 
  • Do not use simple transformations of words; for example, by:
    • adding a character before or after (!horrible or horrible!)
    • randomly capitalizing letters (HOrriBle) 
    • doubling (horriblehorrible) 
    • spelling backwards (elbirroh) 
    • removing vowels (hrrbl) 
  • Do not use anything based on personal information that someone could reasonably learn.
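
As an added illustration (not part of the original campaign page or any UM-Flint tool), the guidelines and the "Very Bad Ideas" list above can be expressed as a Python check that reports which rules a candidate password breaks. The wordlist, the sequence list, the three-of-four character-class threshold and the four-character run length are assumptions made for the example.

```python
import string

# Constructed sample wordlist; a real check would load full dictionaries in several languages.
WORDS = {"horrible", "password", "michigan"}
# Alphabet, digit and keyboard-row runs (constructed sample, not exhaustive).
SEQUENCES = ("abcdefghijklmnopqrstuvwxyz", "0123456789",
             "qwertyuiop", "asdfghjkl", "zxcvbnm")
MIN_LENGTH = 9      # from the guidelines
MIN_CLASSES = 3     # assumption: "a mix" means at least three of the four classes
RUN_LENGTH = 4      # assumption: shortest run treated as a "sequence"


def word_transform(pw, words=WORDS):
    """Name the simple transformation that turns a listed word into pw, or None."""
    low = pw.lower()  # lower-casing undoes random capitalization
    for w in words:
        if low == w:
            return "dictionary word"
        if low[1:] == w or low[:-1] == w:
            return "character added before or after"
        if low == w + w:
            return "doubling"
        if low == w[::-1]:
            return "spelled backwards"
        if low == "".join(c for c in w if c not in "aeiou"):
            return "vowels removed"
    return None


def has_sequence(pw):
    """True if pw contains a forward or reversed run of RUN_LENGTH characters."""
    low = pw.lower()
    chunks = (low[i:i + RUN_LENGTH] for i in range(len(low) - RUN_LENGTH + 1))
    return any(c in s or c in s[::-1] for c in chunks for s in SEQUENCES)


def check_password(pw):
    """Return a list of guideline violations; an empty list means none were found."""
    problems = []
    if len(pw) < MIN_LENGTH:
        problems.append("shorter than nine characters")
    if "/" in pw or " " in pw:
        problems.append("contains a forward slash or space")
    classes = [string.ascii_uppercase, string.ascii_lowercase,
               string.digits, string.punctuation]
    if sum(any(c in cls for c in pw) for cls in classes) < MIN_CLASSES:
        problems.append("too few character classes")
    if has_sequence(pw):
        problems.append("contains a keyboard or alphabet/number sequence")
    found = word_transform(pw)
    if found:
        problems.append("simple transformation of a word: " + found)
    return problems
```

An empty result only means none of these particular rules fired; it does not cover the personal-information or password-reuse guidelines, which cannot be checked from the string alone.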

 

Question 3:

A good password:

A.  Is really easy for you to remember, like GOBLUE2007.
B.  Is a long random string of numbers, punctuation and upper- and lower-case letters.
C.  Is the same for every single account you have so you don’t have to remember too many.
D.  Is so funny that you tell everyone so they can appreciate how clever you are.
