Passwords
The strongest tool you have to protect the computing resources
of Maricopa Community Colleges is your password. It is extremely
important you maintain effective management of your password by
selecting a strong password, safeguarding its integrity, and replacing
it when appropriate.
Access to
the various computing systems is authorized based upon your identity
and your password is what represents your identity to the system.
Therefore your password should never be disclosed to anyone, including
system administrators. You should immediately change your password
if you feel it has been compromised in any way.
Passwords
can be viewed as the combination lock used to protect computer
accounts and their access to network resources. Other computers
may be used to run password-cracking programs at extremely high
speed. You should choose complex passwords to protect against
such misuse.
Choose a
Strong Password
When you enter
the correct combination you authenticate your identity and are
granted access to the computing resource based upon your defined
responsibilities. Do you use one lock between all of your accounts
or do you use multiple locks? You should avoid using the same
password for casual or risky services that you would use for more
critical or secure services. Never use the same password at work
that you use for entertainment or nonwork related services. Other
computers can be used to guess combinations in an attempt to crack
usernames and passwords at an extremely high speed. Always be
sure to choose a complex combination to thwart misuse. A strong
password should meet the following minimum requirements.
- It cannot
be obvious. Attack dictionaries use attack lookups and will
often crack a password within seconds or hours. A computer will
never tire of trying to obtain a username and password and no
one needs to be monitoring the computer while it completes its
task.
- Never
use a dictionary word. Every word in the dictionary can
be tried within minutes. Don't think your password is safe
because you used a language other than English; attack dictionaries
can make the language conversion. Also attack dictionaries
include commonly used passwords, common misspellings, names,
and words with numbers.
- You
should never make your password anything that has any personal
significance to you...such as a relative's, a friend's,
or a pet's name or birthday.
- Never
use your username (forward or backward), your first name,
or your last name as your password.
- Never
use repeating letters or numerals (AAAAAA, 111111, and so
on).
- It cannot
be short.
- Never
utilize anything less than a seven-character password because
it simply will not last long against hacking programs. Eight
to sixteen character passwords are ideal.
- It cannot
be just a few characters.
- You
should use a combination of lowercase, uppercase, numbers,
and symbols when creating a strong password for systems
that support the use of special characters. The use of these
characters also increases the number of possible combinations.
Some systems, however, will not allow you to use numbers
and/or symbols when creating passwords. On systems that
will allow the use of special characters, think about substituting
a "$" for the letter "S", the number "1" for the letter
"l", or the zero "0" for the letter "o".
Safeguard
Your Password
A password
should not be written down nor should it be posted for easy
viewing. If the password absolutely has to be written down,
then it must be locked in a secure location that no
one else is able to access. Why bother attempting to secure
resources if you are going to post your password for everyone
to see?
A password
should never be shared with anyone for any purpose! If you
feel that your password has been compromised, then you should
change it immediately.
If you
are afraid that you will forget your password, think of a
short saying or sentence. Examples of this would be: "Mda$8s1n"
(My dog ate Suzie's 8 shoes last night), "?ml2c0Trp" (how
many licks to center of Tootsie-roll pop), or "+YAagbt4s"
(the Yankees are a great baseball team 4 sure).
Protecting
Maricopa's Resources
Okay,
you have an account to access the network. You say you do
not have any files that you feel are important enough to protect
or need protection from others, so you do not care if you
have a strong password. Okay, but what about your neighbor?
Once an unauthorized person has your username and password
(or any username/password on the network), they can use your
account to gain access to other accounts on the network that
may have more authority or access rights than you. Or they
can use your account to wreak havoc, thus making you the responsible
individual since it is your account.
Do you
utilize the same password for each service (network, email,
CFS, PS) you access? Or do you use different passwords for
each service, using stronger passwords for the higher-level
applications? You should avoid using the same password for
casual or risky services that you would use for more critical
or secure services.
How often
do you change your password(s)? It is recommended that you
change your password at least every 180 days. Regardless of
how much or how important the information that your password
protects, is it not worth the effort to change it once in
awhile?
Do you
lock your workstation when you leave your desk? Or do you
leave your workstation available for anyone's use? It only
takes a few seconds to hit CTRL-ALT-DEL to select "Lock Workstation"
when you leave and CTRL-ALT-DEL to input your password upon
return to your workstation. Would you leave your house unlocked
with the door open when you are not home? It is basically
the same when you leave your workstation unattended and unlocked
|