Educational Technology Services

Password Tips

Choosing a good password  

Passwords are used for various purposes. Some of the more common uses include user accounts, web accounts, e-mail accounts, screen saver protection, voice mail passwords and remote access logins. Since very few systems support one-time tokens (dynamic passwords which are only used once), everyone should be aware of how to select strong passwords. If a malicious user can get hold of or 'crack' your password, they can access the system with your identity and with your access rights.

  • Passwords should contain 3 of the 4 character types:

    1. UPPERCASE letters: A-Z
    2. lowercase letters: a-z
    3. numbers: 0-9
    4. symbols: ~`!@#$%^&*()_-+={[}]|\:;"'<,>.?/

  • Do not use all letters or all numbers and do not use a dictionary word in any language or a permutation of such. Avoid using a common word such as "Western" or "Bronco", your name, account name, common names of people or places, technical jargon, repeating sequences and keyboard sequences. Do not base your password on any items of personal information such as your name, social security number, birthday, pet names, or family members and do not use your account name as a password. Do not use computer terms, names, commands, sites, or company’s software titles and do not use word or number patterns like abcdefg, qazxsw, qwerty, zxcvbn.

  • Use random, pronounceable syllables to make up words that are easy to remember.
    Use acronyms for unusual phrases that you invent (e.g. "WCMPE120D" for "why change my password every 120 days" or "Tbontbtitq" for "To be or not to be that is the question"), then substitute characters (see next item).

  • Character substitution is where you take a lower-case dictionary word and substitute in special characters, numbers and uppercase letters to make them more complex. Examples of common substitutions are:

    1) $, S or 5 for s
    2) 1, I or ! for i
    3) @ or A for a
    4) 7 or T for t
    5) 3 or E for e
    6) 9, G or 6 for g
    7) 0 or O for o
    8) 8 or B for b

    "Tbontbtitq" for "To be or not to be that is the question" would become "7b0n7B7!7?"

  • Make two separate words into one longer password. You will also need to do character substitution to ensure that the password meets complexity requirements.

    Examples:
    internet explorer - 1nt3rN3TeXp70r3R
    happy days - h@pPyD@Y$?
    good boy - 60odB0y!

  • Substitute codes or words into other words (insert numbers between the letters of the original word).

    Examples include (original word - Pattern/Code/Word to insert - Password):
    1) internet - numbers doubling eg 1,2,4,8,16 - I1n2T3e4R8n16E32t!
    2) today - favorite color Orange - t0oRd@aNyGe
    3) John - favorite football team tigers - Jt0iHgN3r$

  • Create a password from phrases with character substitution. Phrases can be any number of things--statements, locations, lines from books or movies etc.

    Examples (format: Phrase - How to construct word - 'Word' using parts of phrase - final password with substitution):
    1) The next generation is you - First and last letter from each word - Tentgnisyu - 73n79N!$yU!
    2) 45 main street - First 2 letters in word with a number between, first letter of each word in capitals - Fo1Fi2Ma3St4 - Fo1F!2M@3St4
    3) I drive a holden commodore now - First letter of each word with the characters of my number plate between (assume number plate is ABC 123) - iAdBaCh1c2n3 - !AdB@Ch1c2n3!
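
The rules above can be checked automatically when a password is set. The following is an added example, not code from this page or from Western Michigan University: it tests for 3 of the 4 character types and rejects the words and patterns named above, including forms disguised with the listed substitutions. The function names, the short word list and the "three identical characters in a row" test for repeating sequences are assumptions made for the example.

```python
import re
import string

# Keyboard and alphabet patterns the page names explicitly.
PATTERNS = ("abcdefg", "qazxsw", "qwerty", "zxcvbn")
# Common words the page names; a real deployment would load a full word list.
COMMON_WORDS = ("western", "bronco")
# Reverse of the page's substitution table (case is folded before lookup).
UNSUBSTITUTE = str.maketrans({"$": "s", "5": "s", "1": "i", "!": "i", "@": "a",
                              "7": "t", "3": "e", "9": "g", "6": "g",
                              "0": "o", "8": "b"})
SYMBOLS = set("~`!@#$%^&*()_-+={[}]|\\:;\"'<,>.?/")


def character_classes(password):
    """Return which of the four character types appear in the password."""
    found = set()
    for ch in password:
        if ch in string.ascii_uppercase:
            found.add("upper")
        elif ch in string.ascii_lowercase:
            found.add("lower")
        elif ch in string.digits:
            found.add("digit")
        elif ch in SYMBOLS:
            found.add("symbol")
    return found


def check_password(password, account_name, personal_items=()):
    """Return a list of rule violations; an empty list means the checks pass."""
    problems = []
    classes = character_classes(password)
    if len(classes) < 3:
        problems.append("uses %d of 4 character types, needs 3" % len(classes))
    folded = password.lower()
    plain = folded.translate(UNSUBSTITUTE)  # undo $ -> s, 0 -> o, 3 -> e, ...
    banned = [w.lower() for w in (account_name, *personal_items) if w]
    for word in (*COMMON_WORDS, *PATTERNS, *banned):
        if word in folded or word in plain:
            problems.append("contains '%s'" % word)
    # Assumption: three identical characters in a row is a repeating sequence.
    if re.search(r"(.)\1\1", folded):
        problems.append("contains a repeated character run")
    return problems
```

Pass the user's name, birthday and similar items as `personal_items` so the personal-information rule is enforced for that user.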

Protecting your password
Do not use the same password for Western Michigan University accounts as for non-Western Michigan University accounts (i.e. personal ISP accounts, brokerage accounts, benefit accounts, etc.). Remember, if one account password is compromised, all accounts may be compromised. Do not share your University password(s) with anyone, including administrative assistants, supervisors, secretaries, or co-workers. All passwords are to be treated as sensitive, confidential Western Michigan University information.

Don’t:

  • reveal your password over the phone to anyone, including your computer support personnel. Support personnel should never initiate a call requesting a password.
  • talk about your password around others.
  • reveal a password on questionnaires.
  • share your password with co-workers while on vacation.
  • use the ‘Remember Password’ feature on applications (i.e. Netscape Messenger, Outlook, Outlook Express, Eudora).
  • write passwords down or store them anywhere near your computer.
  • store passwords in a file on any computer system (including PDAs or similar devices) without using strong encryption.

If you suspect your account or password has been compromised, report the event to the appropriate system administrator and the University Information Security Administrator and change your password immediately.

If someone demands your password, refer him or her to this document or have him or her contact your system administrator or the University Security Administrator in the Office of Information Technology.


3212 Sangren Hall
Western Michigan University
Kalamazoo MI 49008-5234 USA
269-387-4585 | 296-387-4333 Fax
donald.weber@wmich.edu