FAQ: Password Security

What are the password requirements at HCC?

The following rules for stronger passwords are currently enforced for systems in use at HCC. This includes NetID, and the same rules are recommended for all other systems as well. The password rules are as follows:

  • Must be at least 8 characters.
  • Must consist of a combination of uppercase letters, lowercase letters, numbers and one or more of these special characters: ! (exclamation point), % (percent sign), * (asterisk), + (plus sign), - (dash or minus sign), ? (question mark), _ (underscore).
  • Cannot contain your username.
  • Cannot be any of the last 10 passwords used.
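
The rules above expressed as a checker, as an added example (not HCC's own code). It assumes that "a combination" means at least one character from each class, that characters outside the listed special set are not rejected, and that password history is kept as salted PBKDF2 hashes; the user name and sample passwords are constructed, except '17wbHy!', which is the mnemonic example from this FAQ.

```python
import hashlib
import hmac
import os

SPECIALS = set("!%*+-?_")   # the special characters listed in the policy
MIN_LENGTH = 8
HISTORY_DEPTH = 10
PBKDF2_ROUNDS = 100_000     # assumption: demo work factor, tune for production


def hash_password(password, salt=None):
    """Return (salt, digest) so old passwords are never stored in plain text."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return salt, digest


def in_history(password, history):
    """history: sequence of (salt, digest), newest last; only the last 10 count."""
    return any(
        hmac.compare_digest(hash_password(password, salt)[1], digest)
        for salt, digest in history[-HISTORY_DEPTH:]
    )


def check_password(password, username, history=()):
    """Return the list of violated rules; an empty list means the password passes."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("shorter than 8 characters")
    classes = {
        "uppercase letter": any(c.isupper() for c in password),
        "lowercase letter": any(c.islower() for c in password),
        "number": any(c.isdigit() for c in password),
        "special character": any(c in SPECIALS for c in password),
    }
    problems += [f"missing {name}" for name, ok in classes.items() if not ok]
    if username and username.lower() in password.lower():  # case-insensitive
        problems.append("contains username")
    if in_history(password, history):
        problems.append("matches one of the last 10 passwords")
    return problems


if __name__ == "__main__":
    # Constructed sample data: hypothetical user "jdoe" with one old password.
    old = [hash_password("Winter-2019?ok")]
    for pw in ["17wbHy!", "Jdoe+2020horse", "Winter-2019?ok", "Correct_7horse!"]:
        print(repr(pw), check_password(pw, "jdoe", old) or "OK")
```

A short mnemonic can satisfy every character-class rule and still fail on length, so check the finished password against all of the rules, not the sentence it came from.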

How do I create a secure password?

  • Longer is better. The more characters in your password, the harder it is to crack.
  • If you use a password manager, consider generating a very long (30+ character) string of random letters, numbers, and symbols for your password. The password manager will store the password, so you can easily use a different random string of gibberish for every website.
  • Use a string of words, either a sentence with punctuation or a collection of random words, to make your password easier to remember than a random mix of letters or numbers. This is known as a passphrase. Keep in mind that a common phrase or sentence from existing literature is easier for an attacker to guess.
  • One technique for creating strong, easy-to-remember passwords is to use the first letter of each word, including punctuation, in a sentence. Choose a sentence with some capitalized proper nouns, at least one number, and some punctuation. For example, '17 will be HCC's year!' becomes the password '17wbHy!'
  • Don’t rely on obvious substitutions of symbols and numbers for letters, which attackers have long since picked up on. “App1e” or “App!e” is no more secure than “Apple”.

How can I remember all of my different passwords?

Fortunately, you do not need to keep track of a dozen different, complicated passwords in your head. A password manager is software that securely stores all of your passwords, so you can log in to all of your accounts without needing to memorize many different passwords.

There are many free and secure password managers, each with browser extensions, mobile apps, secure password generators, and other useful features.

How can I keep my passwords safe?

  • Do not share passwords with anyone! IT will never ask you for your password.
  • Do not write your passwords down on a sticky note, piece of paper, or anything stored in or around monitors or desks!
  • Do not store passwords in an unencrypted or plain text file on your computer!
  • Ensure no one can see your password while you are typing it!
  • Check to see if the website you’re on uses HTTPS, which keeps an attacker from intercepting your information. You can find out by looking for a padlock icon in the address bar.
  • Use different passwords for different services! Otherwise, if an attacker gets your password, they can log in to all of your accounts.

Details

Article ID: 58860
Created: Wed 8/1/18 12:39 PM
Modified: Tue 5/5/20 8:30 AM
