Security :: Passwords and Digital Identities

Printer-friendly versionSend to friendPDF version

HSU has implemented an overarching access management system for on-campus computer systems. Every student, staff, and faculty member is provided with a unique HSU User Name when they officially enter the university population, and accounts and permissions are automatically created based on their role at the university.

The HSU User Name is also the individual's HSU email address before the @ symbol. Users are able to set their passwords and manage other issues around their campus identity through the Account Center.

ITS enforces strong passwords and regular password expiration cycles, and limits the number of times anyone may attempt to log into an HSU system before access is blocked, using a range of secure authentication tools:

  • Password manager softwareSecure applications that store and manage user names and passwords. We researched the top-rated and most secure password managers and recommend our the top three. 
  • Password expirationHSU requires all staff, faculty, and students to change their passwords on a regular basis. If you receive an email informing you that your HSU Password is scheduled to expire, you MUST go to the Account Center and change your password BEFORE the expiration date, otherwise you won't be able to log in
  • Single sign-on security Single sign-on is the technology used in the myHumboldt portal to provide easy access to many HSU services. This page provides tips and information to help you protect yourself and others in a single sign-on environment.
  • Secure authentication - under the hoodCheck out this page for a more detailed technical explanation of how HSU's digital identity management architecture works.

Below are some tips for creating effective strong passwords and managing your passwords securely. 

How to create strong passwords

HSU requires that your password contain between 8 and 30 characters, including one or more letters, one or more numbers, and at least one special (non-alphanumeric) character. A special character might be one of the following:

#%*+,-. /:=?\^

Note: The following special characters are NOT supported by HSU's password program:

@[]{}$&;()'"<>

Do's and Don'ts for Creating a Strong Password

Do:

  • Mix up numbers, upper and lowercase letters, and symbols.
  • Make it easy enough to type quickly to prevent others from seeing what you typed.
  • Create it from a method that makes it easy to remember. Consider choosing a line from a favorite song or poem and using the first letter of each word in that line to generate the password, for example, r-e-s-p-e-c-t, Find Out what imeans tme becomes rFOwim2m=. Add numbers or symbols to this to make it even harder to guess.
  • Use two unrelated words and separate them with a punctuation mark, symbol or numbers; you could also reverse one or both of the words. For example "surf dent" would become fruS10*tned
  • If you're interested in mnemonics as a security device, take a look at this white paper on The Memorability and Security of Passwords: Some Empirical Results.

Don't:

  • Use your login name in any form (reversed, capitalized, and certainly not as-is)
  • Use your first, middle or last name, or your pet's, parent's, sweetheart's, or child's name
  • Use a common dictionary word

Basic rules of secure password management

  • Never use your HSU password on ANY system outside of HSU. User names and passwords used on social networks sites are often sold to hackers.
  • Never share your password with anyone. This is a violation of the CSU Responsible Use Policy and you may be held legally or financially responsible.
  • Use a secure password manager to store your passwords and other account credentials
  • Never write your password down unless the paper on which it is written is stored in a locked cabinet.
  • Always make a complex password.
  • Never store your password in a regular document file like Word or Excel - these are very easy for anyone to read.
  • Never send passwords in an email. HSU staff will NEVER EVER ask you to send your password in an email, but phishers will.

All users are required to change their HSU password regularly as part of a larger effort to make campus computing systems more secure and to comply with Federal, State, and CSU policies and standards. When you receive an email informing you that your HSU password is scheduled to expire, you must go to the Account Center and change the password before the expiration date.

If you have questions or concerns about password security, contact the Campus Information Security Officer at (707) 826-3815 or security@humboldt.edu.

 
feedback