Security :: Create and Maintain Strong Passwords

Printer-friendly versionSend to friendPDF version

Information protection starts with account protection. If your account is secure and can't easily be accessed by a stranger, the information you store in that account will also be safe. While you are associated with Humboldt State University, you are responsible for keeping your HSU account information and all activity relating to that account secure.

Be aware that sharing your password and/or other account information is a violation of HSU policy. If your password is shared or stolen, it can be used to compromise your information or hijack your email account. You will be held liable if your account is compromised as a result of your voluntarily sharing this information.

How to Create a Strong Password

Passwords are your first line of defense against an unauthorized person gaining access to your personal information. HSU requires that your password contain a minimum of 8 characters and up to 30 characters, including one or more letters (at least one of which must be a capital letter), and one or more numbers. Your password may not contain any word that appears in a standard US English dictionary.

Note: Special characters are allowed but not required; the following special characters are NOT supported by HSU's identity management system:

@[]{}$&;()'"<>

Do's and Don'ts for Creating a Strong Password

Do:

  • Mix up numbers, upper and lower case letters, and symbols.
  • Make it easy enough to type quickly to prevent others from seeing what you typed.
  • Create it from a method that makes it easy to remember. Consider choosing a line from a favorite song or poem and using the first letter of each word in that line to generate the password, for example, r-e-s-p-e-c-t, Find Out what it means to me becomes rFOwim2m=. Add numbers or symbols to this to make it even harder to guess.
  • Use two unrelated words and separate them with a punctuation mark, symbol or numbers; you could also reverse one or both of the words. For example "surf dent" would become fruS10*tned

If you're interested in mnemonics as a security device, take a look at this white paper on The Memorability and Security of Passwords: Some Empirical Results.

Don't:

  • Use your login name in any form (reversed, capitalized, and certainly not as-is)
  • Use your first, middle or last name, or your pet's, parent's, sweetheart's, or child's name

Related Topics

Policy, Security
feedback