Faculty/Staff Reminder: Register with the Password Reset System
The staff in IT Operations takes seriously the responsibility of keeping your messages and files confidential. The network you use has extensive system security. However, much depends upon you, the user of these systems, to keep your accounts secure. Every year thousands of computers are illegally accessed because of weak passwords. The following is a list of the things a user should not do:
- Write down a password on a sticky note placed on or near your computer.
- Use a word found in a dictionary. That's right, a dictionary. Any dictionary!
- Use a word from a dictionary followed by 2 numbers.
- Use the names of people, places, pets, or other common items.
- Share your password with someone else.
- Use the same password for more than one account, and for an extended period of time.
- Use the default password provided by the vendor.
Network Password Frequently Asked Questions (FAQs)
Passwords are one of the first lines of defense that users have to protect their systems. Unfortunately, people are not accustomed to remembering difficult passwords consisting of numbers and weird characters. The ever-increasing number of passwords required to work in today's world only makes this problem worse. Many people have compensated for this problem by writing down their password and keeping that information in an unsecured area, like stuck to a computer screen.
One of the first things a hacker will attempt to do against a system is run a program that will attempt to guess the correct password of the target machine. These programs can contain entire dictionaries from several different languages. In addition to words found in dictionaries, these programs often contain words from popular culture such as science fiction movies and novels.
Hackers like to attack people's weaknesses. One of the major weaknesses is the reluctance to remember several, long, difficult-to-guess words such as passwords. Therefore, once one is chosen, the likelihood that the same password is used for several accounts is very high. This is similar to the problem with default passwords because users have a tendency to keep the same password for a long period of time, thereby allowing the attacker that much more time to gain access to a system.
Remember: If you allow others such as a friend or colleagues to use your account you are:
- Violating TMCC's Information Technology Operations and NSHE policy and procedures
- Responsible for any act that person might do while they use your account. You have a responsibility for your account and what happens with it.
The following table is provided to give you an idea your password's security.
|Characters In Password||Probability of Guessing the Password|
|1||1 in 10|
|2||1 in 100|
|3||1 in 1,000|
|4||1 in 10,000|
|5||1 in 100,000|
|6||1 in 1,000,000|
|7||1 in 10,000,000|
|8||1 in 100,000,000|
As you can see, the longer your password is the harder it would be to guess. Passwords on our systems are encrypted so even the staff cannot determine what your password is. If you forget your password we cannot retrieve your old one. The best we can do is issue you a new password. If you have forgotten your password contact the HelpDesk.
Mix numbers and letters. Mnemonics and numbers in a word can be your best friend. A mnemonic is a formula or rhyme to help you remember. Examples of mnemonics are:
- My four children are wonderful when they're sleeping (m4cawwts)
- My anniversary is April 4 remember that date (maia4rtd)
- Ali Baba had forty thieves (abh40t)
Try substituting letters for numbers (or vice versa), such as : E equals 3, I equals 1, O equals 0 (zero), for equals 4, two equals 2, B equals 8, see or sea equals C, etc. For example:
- Use r3dj3llo instead of redjello (substitute the E's with 3's)
- Use Bcl1nt0n instead of bclinton (substitute I & L with 1's and O with zero)
- Use j0hn80y instead of johnboy (substitute the O's with zeros & the B with 8
It is important to remember though, that any password can be guessed if given enough time. Therefore, it is important to change your password within the amount of time it would take an attacker to guess it. For example, with the previous examples it may take an attacker 60-days on a very fast computer to guess them. In order to ensure your system's safety then, you must change your password before those 60-days come to an end.
Return to ITO Network Services