In order to access IT services you are often required to log in with a username and password. There are usually rules to which a password must conform, or the attempt to change it will be rejected.

At the U of S your NSID is your primary username. When choosing your NSID password it will need to comply with certain rules. For security reasons, these passwords rules can only be viewed from within PAWS or MITS after you log in to change your password. The general guidelines below may offer some helpful ideas for selecting a password that is both strong and easy for you to remember.

You are responsible for all uses of your U of S computer account so do not share your NSID password with anyone. For more information see the Computer Use Policy.

Some University IT services do not use the NSID account for access. Service providers for non-NSID accounts will indicate password rules for that service.

Guidelines for Strong Passwords

The following guidelines will be helpful for selecting a strong password. These can be used for your NSID password when the do not conflict with the password rules. The guidelines below may be useful for selecting passwords for accounts on your home computer and for online services such as Hotmail, Google or Yahoo. For off-campus services you will need to consult the service documentation for their password rules.

Strong passwords are NOT in the dictionary for any language.

Hackers can run automated programs that try every word in the dictionary.

For similar reasons, do not choose a word written backwards.

Strong passwords are long enough to make it difficult to watch you typing it or to use brute force methods to crack it.

Generally, when choosing a password, the longer the better. Never choose a password that is less than six characters long. Password rules often regulate password length.

Strong passwords are something you feel comfortable with and that are easy to remember.

Do not choose a word based on your name (first, middle or last), your username, the name of any friends or family, or associated with anything personal that is easily obtained. For example, do not use:

• the make or model of your vehicle
• names of pets
• your student number
• your phone number
• birthdates
• your social insurance number
• your hobby

These may be easy to remember but they are also easy to break by someone who knows this information about you.

Strong passwords are not passwords you have used before.

If you have multiple services then use different passwords. If you use the same password for a number of services (e.g. Internet banking, e-mail, phone bill, desktop login, etc.), you increase the passwords exposure and likelihood of it being discovered and the ramifications are greater if it is cracked.

Strong passwords use a mixture of upper and lower case characters, numbers and symbols.

Always use both letters and numbers (alphanumeric characters) and, when allowed, use symbols or special characters. Password rules may limit which symbols and special characters can be used in the password.

 

Using mixed case characters in a password makes it even harder to guess. Passwords are usually case sensitive, so even if someone guesses the right password, they might not guess which letter you capitalized.

 

A handy technique to strengthen a password is to substitute some characters with numbers or special characters. You may also insert numbers or special characters into the password.

 

Try to use "compound passwords" made up of two completely unrelated but easy-to-remember words, such as "nosecart00n" or "shirtFoot."

Passwords must be kept secret. Never write down your password on paper, and never tell anyone else your password.

If you need help remembering your password, consider using the first letters from a sentence. For example: "Three green Martians came down to Earth"

 

The resulting password might be TgMcdtE, but if you add a "#" symbol after the first T because it is a number and if you replace the "g" with a "9" the resulting password would be T#9McdtE.

 

PLEASE DO NOT USE THE EXAMPLE ABOVE AS YOUR PASSWORD.

 

If you need to write down your password, write out a hint to help you remember instead.