Password Best Practices

Summary

This article contains the best practices regarding passwords.

Body

Summary

This article contains the best practices regarding passwords at USNH in accordance with USNH Password Policy.

 

Content

Password Do's and Don'ts

Do's

  1.     Use strong passwords.
  2.     Use a different password for each account, even for USNH accounts that use the same username.
  3.     Change your passwords every 12 months in accordance with USNH Password Policy.

 Don'ts

  1. Don't share your passwords with anyone, ever.
  2. Don't write your username and password on a post-it note under your keyboard or on your monitor.
  3. Don't write down your username and password in the same place, or at all.
  4. Don’t use iterative passwords (JohnDoe1, JohnDoe2, etc.)
  5. Don’t use easily guessed password schemes (numbers or special characters used only at the beginning or end like 11Aloha, 1Aloha1, Aloha11, Aloha!!, !!Aloha)


Methods for Creating a Strong Password

To protect your information and the University, create a strong, unique password for each account you use at USNH.  Strong passwords have the following characteristics:

  • Length: Use a password that is 14-64 characters. The longer, the stronger!
  • Passphrase (not password): Use a passphrase that combines several words into a phrase that is easy for you to remember like "I love mt chocorua" or "ilovemtchocorua"
  • Use the Entire Keyboard:  Using uppercase and lowercase letters, numbers, and symbols increases the complexity and therefore the strength of a password. You can strengthen the passphrase above by injecting this kind of additional complexity "ILoV3MtC[]c0ra".
  • Avoid Dictionary Words or Popular Phrases: Avoid using words found in the dictionary as part of your password or passphrase.  For example, in the example above, removing the spaces and changing the "e" in love to a "3" allows use of the word "love" without actually using the word as it would be found in the dictionary. Avoid using common or popular phrases which are easily guessed (IE: "May the force be with you",)
  • Banned passwords: USNH relies on a custom banned password list and Microsoft's Global Banned Password list to prevent the use of compromised or easily guessed passwords.

See CISA's Choosing and Protecting Passwords  website for additional password advice.*

* This link is provided for informational purposes only and does not represent an endorsement by or affiliation with the US Cybersecurity & Infrastructure Security Agency (CISA)  at https://www.cisa.gov/ .

 

Further Readings

USNH Password Policy 

CISA's Choosing and Protecting Passwords 

Cybersecurity & Infrastructure Security Agency (CISA) 

 

Need additional help?

See CISA's Choosing and Protecting Passwords  website for additional password advice.*

Visit the Technology Help Desk Support page to locate your local campus contact information or to submit an online technology support request.  For password issues you must call or visit the Help Desk in person.  

Details

Details

Article ID: 720
Created
Fri 7/19/19 5:33 PM
Modified
Mon 9/23/24 4:57 PM
Applicable Institution(s):
Keene State College (KSC)
Plymouth State University (PSU)
University of New Hampshire (UNH)
USNH System Office