The following password rules are currently enforced for Parnassus, Homer Admin and e-mail, but are recommended for all other systems as well. The password rules are as follows:
- Must be at least 8 characters, but not more than 16 characters
- Must consist of a combination of letters, numbers and one or more of the following special characters: ! (exclamation point), % (percent sign), * (asterisk), + (plus sign), - (dash or minus sign), ? (question mark), _ (underscore). No other special characters are allowed
- Cannot contain the username for the system
- Cannot contain any part of the user's full name
- Will expire every 120 days
- Cannot be a password that has been used within the last 18 months
- May contain mixed upper and lower case letters
- Passwords ARE case sensitive
Below are suggestions for creating secure passwords that are fairly easy to remember.
Think of a song title, phrase, or sentence that is easy to remember. Using the example "Stairway to Heaven", by Led Zeppelin, the first line of that song is "There's a lady who's sure all that glitters is gold." Take the first letter of each word to get Talwsatgig. Add a number and special character to create an acceptable password.
Combine Small Words
A combination of small common words with a special character and number mixed in makes a secure password that is easier to remember.
In this method, one or more letters is replaced with a similar looking number and special character. For example, Apple becomes 4pp!e, Gleam becomes 6!eam, or razzle becomes ra22!e. When used with an 8-letter word this technique generates a seemingly random string of characters that is easier to remember.
The following guidelines should help protect passwords from being compromised.
- Don't share passwords with co-workers, friends, or relatives
- Don't write passwords on a sticky note, notepad, or anything stored in or around monitors or desks
- Don't store passwords in unencrypted or plain text files on a computer
- Don't let others watch a password as it is typed