Baruch Computing and Technology Center (BCTC)
Account and Password Security Best Practices
The following suggestions are best practices when maintaining password security on your accounts.
Create a Strong Password
Use strong passwords to protect your computing resources. Follow these rules to create strong passwords:
- Use two numbers in the first eight characters.
- Pick long passwords, at least 8 characters in length if the system allows it.
- Don't use a common dictionary word, a name, a string of numbers, or your User ID.
- One of the easiest-to-remember and hardest-to-crack password methods is the pseudo-random password. The actual password is generated from an easy-to-remember phrase that is important to the user. This phrase can be words from a book that you particularly like, words from a song that you always remember with ease, or a statement that some powerful figure made that you will never forget. The key to a successful password is to choose a phrase that is easy for you to remember but that no one else would ever think of attributing to you.
Some examples are listed below:
Example Phrase #1: "Four score and seven years ago our fathers brought…"
- password: 4scanse...
- method: Chose the first two letters from each word until a total of eight characters results.
Example Phrase #2: "It was a dark and stormy night..."
- password: iWadasn7
- method: Chose first letter from each word, followed by the age of nephew.
Example Phrase #3: My brother's birthday is April(4) twenty two nineteen sixty three(3)
- password: mbbi4tt19s3
- method: Chose the first letter from most words, and substituted numbers for letters.
Certain special characters may be used. However, note that some applications may not accept special characters. If this problem is encountered, changing your password to a combination of letters and numbers should solve the problem. Examples of permitted special characters are shown below:
$ . , ! % ^ *
Avoid a Weak Password
When creating passwords, avoid the following:
- Easy to guess passwords such as a blank or "password"
- Your name, spouse’s name, or partner’s name
- Your pet’s name or your child’s name
- Names of close friends or coworkers
- Names of your favorite fantasy characters
- Your boss’s name
- Anybody’s name
- The name of the operating system you’re using
- String of numbers or letters, like 1234, abcd
- The hostname of your computer
- Your phone number or your license plate number
- Any part of your social security number or ID
- Anybody’s birth date
- Other information easily obtained about you (e.g., address, town, alma mater)
- Words such as wizard, guru, password, gandalf, and so on
- A username in any form (as is, capitalized, doubled, etc.)
- A word in the English dictionary or in a foreign dictionary
- Place names or any proper nouns
- Passwords of all the same letter
- Simple patterns of letters on the keyboard, like asdfg
- Any of the above spelled backwards
- Any of the above followed or preceded by a single digit
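The rules in the two lists above can be checked mechanically before a password is accepted. The following Python sketch is an added example, not a BCTC tool; it covers the length, two-numbers, User ID, same-letter, pattern, backwards and single-digit rules. The word list is a small constructed sample standing in for full dictionary and name lists.

```python
import re

# Constructed sample word list; a real check would load a full dictionary and name list.
SAMPLE_WORDS = {"password", "wizard", "guru", "gandalf", "baruch", "windows"}
KEYBOARD_ROWS = ("qwertyuiop", "asdfghjkl", "zxcvbnm")
SEQUENCES = ("abcdefghijklmnopqrstuvwxyz", "01234567890")


def is_simple_run(s):
    """True for 'asdfg', '1234', 'abcd': a slice of a keyboard row or sequence."""
    return len(s) >= 4 and any(s in row for row in KEYBOARD_ROWS + SEQUENCES)


def is_weak_base(s, user_id):
    """Check one lowercased candidate against the weak-password list."""
    uid = user_id.lower()
    return (
        s == ""                      # blank password
        or s in SAMPLE_WORDS         # dictionary word or name
        or s in (uid, uid * 2)       # User ID as is or doubled
        or len(set(s)) == 1          # all the same letter
        or s.isdigit()               # string of numbers
        or is_simple_run(s)          # keyboard or alphabet pattern
    )


def check_password(password, user_id):
    """Return a list of rule violations; an empty list means no rule fired."""
    problems = []
    if len(password) < 8:
        problems.append("shorter than 8 characters")
    if sum(c.isdigit() for c in password[:8]) < 2:
        problems.append("fewer than two numbers in the first eight characters")
    lowered = password.lower()       # makes capitalized forms match too
    # Also test with a single leading or trailing digit stripped...
    candidates = {lowered, re.sub(r"^\d", "", lowered), re.sub(r"\d$", "", lowered)}
    # ...and each of those spelled backwards.
    candidates |= {c[::-1] for c in candidates}
    if any(is_weak_base(c, user_id) for c in candidates):
        problems.append("matches a weak pattern")
    return problems
```

An empty result only means none of these rules fired; it does not prove the password is strong.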
Protect Your Account
- Do not let anyone else know or use your password; this is a violation of the College's CUNY Computer User Responsibilities Policy.
- For optimum security, don't write your password down. If you must write it down, keep it somewhere private such as in a locked drawer or in your wallet. Don’t post it on your computer or anywhere around your desk. Don’t include the name of the system or the associated User ID with the password.
- Be aware of when a password is sent securely across the Internet. URLs (Web addresses) that begin with “https://” rather than “http://” are secure for use of your password. The "s" in "https" means that the connection to the Web site is encrypted, so what you send cannot easily be read by other people.
- If you suspect that someone else may know your current password, change your password immediately.
- Change your password periodically, even if it hasn't been compromised.
- Don't type your password while anyone is watching.