Password Guidelines

Back to Technical FAQ
Need for a good Password

It is important to the security of the entire department that your password be secure. - "A system is only as secure as its least secured account". Even if you rarely use your account here it is important to the rest of the department that your account be secure from intruders. Random testing will be done and accounts with insecure passwords will be disabled.

  • There has been ever increasing number of attacks on internet systems worldwide. To thwart those attacks your password needs to be secure.
  • Why increase in attacks? - In most cases they are searching for your personal information to be used for identity theft purposes. Additionally, they may be looking for confident research information.
  • Passwords should have at least 8 characters and contain at least three different character classes (uppercase, lowercase, digit, special character) to be sufficiently secure.

Tips for Password Security
  1. Passwords must be composed of a string of characters which are entirely random to anyone except you.
  2. Passwords should never be formed from names, places, or any word that appears in a dictionary or atlas in any language. Adding numbers or replacing letters with numbers within words is a good method for setting a password.
  3. Don't write it down on your desktop, commit it to memory.
  4. Change it every few months.
  5. Do not give it out to any other person, ever.
  6. Never use an unencrypted service such as telnet, ftp, unsecured pop3/imap, etc. to log in anywhere.
  7. Use a different password for each account you have.
  8. Use a free password manager (which will remember passwords for you).

Guidelines for choosing a secure password
  • Use a memorable month and year combination: Example "November2015!" (Make sure you don't use your birthday, it can be guessed).
  • Use 0's instead of o's and 1's instead of l's: Example "I love sb" will become "I 10ve sb".
  • Use Passphrases: Example "My 1st Pet".
  • Combine unrelated words: Example "Windows+Football", "Pizza&Tiger".
  • First Letters of Words in a Sentence: Think of a sentence, then use the first letter of each word or substitute numbers and punctuation appropriately. Ex, "Twinkle, twinkle, little star, How I wonder what you are!" becomes the password "Ttl*Hiwwur!".
  • Use misspelled words: Example "WhutdooUmeenIkan'tSpel?"
  • Reverse of a word/sentence: Example "My Password!" will become "yM drowssaP!".
  • Shift the characters in a sentence based on keyboard layout: Example "foo bar" will become "gpp nst". Note that in general keyboard layouts 'f's next character is 'g', 'o's next character is 'p', 'b's next character is 'n' and so on.

Department of Computer Science • Stony Brook University, Stony Brook, NY 11794-4400 • 631-632-8470 or 631-632-8471

 Stony Brook University Home Page    |    Search Stony Brook   |   SOLAR