Personal tools
You are here: Home Safeguards Passwords and Passphrases Passwords & Passphrases
 

Passwords & Passphrases

Many people use passwords but creating a passphrase (password created from a phrase) is a bit more secure and harder to guess

SafeguardsLogo

Ask Yourself

  • Did you create your password using a password generator?
  • Does your password appear in a dictionary in any format (forward/backwards)?  This includes English and foreign language dictionaries, baby name books, etc.
  • Do you write your passwords down?
  • Is your password (or even a part of it) the name of anything (e.g., people, place, thing)?
  • Is you password known information about you (e.g., telephone number, birthday, address, etc.)?
  • Is it all letters or numbers in a sequence (e.g., CDEFGHIJ or 4567890)?
  • Does it begin with a number?
  • Have you had the same password on an account for more than 3-4 months at a time without changing it?
  • You use the same password for every account you have?
  • You haven't changed your default password?
  • Your password is 7 or fewer characters?
  • Your password is the same or just slightly different than your username?

If you answered yes to one of these questions you could have a compromised password.

Did You Know?

  • 66% of US employees write down passwords in unsafe places. (Absolute software)
  • 63% of Americans use roughly the same password for different online accounts (Secure Portability)
  • Only 14% of business users use a different password for each site (Secure Portability)

Why My Password/Passphrase is Important

When you access EKU's computing services, using your e-key (username and password)  proves who you are.

If someone else has this information, your electronic life becomes available to them and you are a great risk of becoming a victim of identity theft.

Your e-key information gives others the power to:

  • Access your network drive (W:) and destory files, including websites and electronic portfolios
  • Access your grades and classes in Blackboard
  • Use up your $25/semester print account
  • Access the computers in the labs, residence hall lobbies and campus wireless--committing fraud or distributing things like child pornography while masquerading as you
  • Sending malicous emails in your name

If anything malicious or criminal is done through your e-key account, you will have to prove you are not the culprit.

NEVER TELL ANYONE YOUR PASSWORD, even family, significant others and EKU faculty or staff.

WAIT!  I went to ResNet or the IT help desk in Combs and they asked for that information.  True, this information is sometimes requested by IT staff when you solicit their help for your computing problems.  We highly recommend you change your password immediately after their service is complete, however.

 

Dos and Don'ts of Passwords/Passphrases

  • Don't write it down.  If you have a difficult time remembering your passwords use a password manager program (see "Software" link on the right-hand menu).
  • Don't let anyone observe you entering it.  It is especially important to be aware of your environment in public areas such as labs and lobby computer clusters.
  • Use a passphrase (see examples below)...a sentence that you derive a password from
  • Use at least 8 characters (this is required by EKU).  The more characters you use, the more difficult it will be to crack.  Also use at least one number (this is also required by EKU).
  • Never use dictionaries or random generators--hackers have those too.
  • Don't use a password example from a website.
  • Make sure each account has a separate password.  This way if one account is compromoised all are not.
  • Always change a default password.
  • Don't use your name (in any combination) or nickname or the names of anyone/anything else.
  • Don't use common numbers like a telephone or social security number or license plate.
  • Don't use simple patterns (12345678) or (a1b2c3d4e5)
  • Do not start with a number.
  • FOR EKU ONLY: Special characters are not allowed.

 

When To Change Your Password/Passphrase

  • If it doesn't meet these guidelines
  • If you had the same password on an account for more than 3 months
  • If you've told anyone your password
  • If you've written down your password anywhere
  • If you think your account has been compromised

 

EKU Password Protocol

Passwords are an important aspect of computer security. They are the front line of protection for user accounts. A poorly chosen password may result in the compromise of the universities or your personal resources or networked computer systems. As such, all Eastern Kentucky University employees are responsible for taking the appropriate steps, as outlined below, to select and secure their passwords.

Password History Requirements

  • Description: Determines the number of unique new passwords a user must use before an old password can be reused.
  • Current Setting: 2

Maximum Password Age

  • Description: Determines how many days a password can be used before the user is required to change it. Banner will disable the account if after expiration the password is not reset after 60 days.
  • Setting: 90 days.

Minimum Password Age

  • Description: determines how many days a user must keep new passwords before they can change them again.
  • Setting: 1 Day (24 hours).

Minimum Password Length

  • Description: Determines how short passwords can be.
  • Setting: 8 characters.

Password Complexity Requirements

  • Description: Ensures user passwords meet the following requirements:

    • The password must be at least eight characters long.
    • The first character must be alpha
    • The password must consist of alpha and at least 1 numeric character.
    • Valid password characters are – alpha (A-Z) and numeric (0-9). Special characters are not allowed. Note: Banner alpha characters are not case sensitive.

Lockout Policy

  • Description: Determines the number of failed logons allowed before the account is locked for a certain period of time.
  • Setting:Threshold set to multiple failed attempts and auto unlock after 10 minutes.

Inactivity Period

  • Description: Length of time of client inactivity before re-authentication is required.
  • Setting: 30 Minutes.

 Additional information

  • IT Account IDs: There are currently two main ITDS computer accounts.

    • E-Key – For email, Blackboard, Active Directory. Its form is last name, first initial.
    • Banner – For Banner access. It’s form is last name, first name.

Future plans include combining these accounts in order to form a single-sign on for all systems.

Creating a Passphrase (Non-EKU sites)

  • Betty was smoking tires in her peace pipe and playing salmon (Passphrase=Bwstihppaps).  Why is this good?  It is random and something no one would randomly guess.  It is better than using a common phrase like "There is a sucker born every minute" or "Look before you leap"
  • Jim has found four apples and a violin at his chair (Passphrase=Jhffaaavahc) or mix it up for this passphrase (Jhf4a&av@hc)
  • Use numbers and special characters for letters and words like: 1=i, 2=to, too, two, 3=e, 4=A, 5=s, 8=ate, @=at, $=s, &=and, *=star, 0=o, or z=2.  Be creative!  (Passphrase=c@t$+d0g5)

Where to Change Your EKU Password

Students

Faculty/Staff

 

 

 

 

Document Actions