Accounts

Password Information

The following password rules are currently enforced for Parnassus, Homer Admin and e-mail, but are recommended for all other systems as well. The password rules are as follows:

  • Must be at least 8 characters, but not more than 16 characters
  • Must consist of a combination of letters, numbers and one or more of the following special characters: ! (exclamation point), % (percent sign), * (asterisk), + (plus sign), - (dash or minus sign), ? (question mark), _ (underscore). No other special characters are allowed
  • Cannot contain the username for the system
  • Cannot contain any part of the user's full name
  • Will expire every 120 days
  • Cannot be a password that has been used within the last 18 months
  • May contain mixed upper and lower case letters
  • Passwords ARE case sensitive

Below are suggestions for creating secure passwords that are fairly easy to remember.

Favorite Lyrics/Phrases/Sentences
Think of a song title, phrase, or sentence that is easy to remember.  Using the example "Stairway to Heaven", by Led Zeppelin, the first line of that song is "There's a lady who's sure all that glitters is gold."  Take the first letter of each word to get Talwsatgig.  Add a number and special character to create an acceptable password.

Combine Small Words
A combination of small common words with a special character and number mixed in makes a secure password that is easier to remember.

Character Replacement
In this method, one or more letters is replaced with a similar looking number and special character. For example, Apple becomes 4pp!e, Gleam becomes 6!eam, or razzle becomes ra22!e. When used with an 8-letter word this technique generates a seemingly random string of characters that is easier to remember.

Best Practices

The following guidelines should help protect passwords from being compromised.

  • Don't share passwords with co-workers, friends, or relatives
  • Don't write passwords on a sticky note, notepad, or anything stored in or around monitors or desks
  • Don't store passwords in unencrypted or plain text files on a computer
  • Don't let others watch a password as it is typed