Good Password Practices FAQ
- How do I create a strong password?
- Are there any tips for choosing a strong password that can actually be remembered?
- How do I change my password?
- How often should I change my password?
- As a system administrator, what can I do to protect passwords on machines I manage?
How do I create a strong password?
- Use 8 or more characters
- Choose a combination of:
- numbers
- upper case letters
- lower case letters
- special characters such as ! $ * % @ # & -
(in some cases restrictions may apply)
- Avoid passwords that are easy to guess or to crack
- Dictionary words (mackerel, dandelion, millionaire)
- Foreign words (octobre, gesundheit, sayonara)
- Simple transformations of words (tiny8, 7eleven, dude!)
- Names, doubled names, first name and last initial (mabell, kittykitty, marissab)
- Uppercase or lowercase words (MAGAZINE, licorice)
- An alphabet sequence (lmnop) or a keyboard sequence (ghjkl;)
- Words that have the vowels removed (sbtrctn, cntrlntllgnc)
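The rules above can be checked mechanically. The following Python code is an added example, not part of the original FAQ. The function name weaknesses, the small word list and the keyboard rows are constructed for illustration, and the rule about names is left out because it needs a list of names.

```python
import re

# Constructed sample word list; a real check would load a full dictionary.
WORDS = {"mackerel", "dandelion", "millionaire", "octobre", "gesundheit",
         "sayonara", "tiny", "eleven", "dude", "kitty", "magazine",
         "licorice", "subtraction"}
# Alphabet plus keyboard rows (assumed US layout) for sequence detection.
KEY_ROWS = ["abcdefghijklmnopqrstuvwxyz", "qwertyuiop", "asdfghjkl;", "zxcvbnm"]
VOWELS = re.compile(r"[aeiou]")


def weaknesses(password):
    """Return the FAQ rules a password breaks (an empty list means it passes)."""
    found = []
    if len(password) < 8:
        found.append("shorter than 8 characters")
    # The FAQ asks for numbers, upper case, lower case and special characters.
    classes = [r"[0-9]", r"[A-Z]", r"[a-z]", r"[^0-9A-Za-z]"]
    if sum(bool(re.search(c, password)) for c in classes) < 4:
        found.append("missing a character class")
    lower = password.lower()
    # Strip leading and trailing digits or symbols to catch tiny8, 7eleven, dude!
    core = re.sub(r"^[^a-z]+|[^a-z]+$", "", lower)
    if lower in WORDS:
        found.append("dictionary or foreign word")
    elif core in WORDS:
        found.append("simple transformation of a word")
    half = len(lower) // 2
    if half and len(lower) % 2 == 0 and lower[:half] == lower[half:]:
        found.append("doubled word or name")
    if len(lower) >= 4 and any(lower in row for row in KEY_ROWS):
        found.append("alphabet or keyboard sequence")
    if any(VOWELS.sub("", w) == lower for w in WORDS):
        found.append("word with vowels removed")
    return found


if __name__ == "__main__":
    for pw in ["mackerel", "7eleven", "kittykitty", "ghjkl;", "sbtrctn", "JbeN#jbq1"]:
        print(pw, "->", weaknesses(pw) or "passes these checks")
```

Passing these checks only means the password avoids the patterns listed above; it does not measure how hard the password is to guess.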
Are there any tips for choosing a strong password that can actually be remembered?
- Use lines from a childhood verse:
Jack be nimble, Jack be quick = JbeN#jbq1
- Use an expression inspired by the name of a city:
I love Paris in the springtime = 1LpntST!
Chicago is my kind of town = C1mYK0t*
- Use lines from a favorite song:
You can't always get what you want = uC4n+agwUw!
How do I change my password?
- Change your MSU Net password at password.montana.edu.
- Change your MyInfo PIN by logging in to MyInfo > click the Personal Information tab and select Change PIN.
How often should I change my password?
- Change passwords every 6 months at least.
- Immediately change any "first-time" password that is issued to you.
- Don't reuse old passwords.
- Don't use the same passwords for work accounts that you do for personal accounts.
- Whenever practical, use unique passwords for all accounts.
- Don't write passwords down and leave them in places not always under your control.
As a system administrator, what can I do to protect passwords on machines I manage?
- Replace your passwords every 30 to 120 days.
- Disable logon after a specified number of failed attempts.
- Use SSH or SSL for remote server authentication.
Don't use programs that send passwords in plain text, such as Samba, FTP, Telnet, Pathworks V 4.0.
- Don't use shared usernames and passwords.
- Change or disable the common user names such as Guest and Administrator.
- Log on at the lowest level needed for the work to be done.
- Disable or remove unused accounts.