Business Information and Technology Services

Password guidelines

Password security is essential to minimise the chances of your computer being "hacked" and your personal details being compromised.

  1. Logging in
  2. Choosing a password
  3. Change passwords frequently
  4. Changing passwords

Logging in

When you log in, your username tells the computer who you are and your password proves that you are who you say you are. Your password is the key to your account – always keep it secret.

Your password should never be the same as your username or your real name.

If someone else knows, or is able to guess, your password, they can gain access to our computers. From there they can try to break into other computers around the world. They can cause mischief in your name (such as broadcasting defamatory messages or downloading illegal pornography). You could be held responsible for their actions.

  • always keep your password a secret
  • never give your password to anyone else, including people in authority
  • never change your password to a string known or suggested by someone else
  • if you must write down your password, keep it in a safe place.

Choosing a password

Password security isn't just a matter of thinking up a nice word and keeping it to yourself. You must choose a password which will be difficult for someone else to guess or crack. 

Spying

A lot of ATM fraud is based on watching a person keying in their PIN and making phoney ATM cards using account details from discarded ATM receipts.

A common way of finding out your password is simply to watch you type it in, so:

  • ensure nobody is watching you type your password
  • use longer passwords
  • use passwords you can type quickly and comfortably
  • avoid obvious sequences like qwertyui or !@#$%^&*.

As a matter of courtesy, always turn away, or step back from the screen, when someone else is entering their password.

Guessing passwords

Because there is a tendency for people to forget passwords, we choose something of relevance to ourselves, such as a personal name, a favourite car or sport and the like. Someone who knows a little about you can make a list of these words and crack the password. All-digit passwords usually fall into this category – birthdates, phone numbers.

Dictionary and atlas words

A computer can test dictionary and atlas words in less than an hour. A program with access to a good dictionary has a very good chance of cracking a password that is a real word, or a real word with minor modifications such as the addition of a digit or an initial uppercase letter.

Good practice

A good password is preferably something you can remember, that can be typed quickly and accurately, and that includes characters other than lowercase letters.

Examples:

  • Made-up "words" – chokBel8 (can be "pronounced", has a digit)
  • Personal acronyms – ihCbltdT (i hate Coffee but love to drink Tea)
  • Misspell and/or invert syllables or words – D0gzmaDD (instead of 'mad dogs' – also replaces letter o with digit zero)

Never use any example passwords given in this web page or similar documents.
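
The checks described in this section, as an added example that is not part of the original page or of any UWA system: a Python function that tests a proposed password against the guidelines above. The word list, function names and sample inputs are constructed for illustration; a real check would load a full dictionary and atlas list.

```python
import re

# Constructed sample word list; a real check would load a full dictionary/atlas file.
SAMPLE_WORDS = {"password", "coffee", "perth", "holden", "football", "dragon"}
# Keyboard rows, including the shifted digit row the page warns about.
KEYBOARD_ROWS = ["qwertyuiop", "asdfghjkl", "zxcvbnm", "1234567890", "!@#$%^&*()"]


def _strip_minor_modifications(password):
    """Undo the 'minor modifications' the page names: uppercase letters, added digits."""
    return re.sub(r"^\d+|\d+$", "", password.lower())


def _has_keyboard_run(password, run_length=5):
    """True if the password contains run_length adjacent keys from one row, either direction."""
    lowered = password.lower()
    for row in KEYBOARD_ROWS:
        for candidate in (row, row[::-1]):
            for i in range(len(candidate) - run_length + 1):
                if candidate[i:i + run_length] in lowered:
                    return True
    return False


def check_password(password, username, real_name, words=SAMPLE_WORDS):
    """Return a list of guideline violations; an empty list means none were found."""
    problems = []
    core = _strip_minor_modifications(password)
    name = real_name.lower()
    personal = {username.lower(), name.replace(" ", "")} | set(name.split())
    personal.discard("")
    if password.lower() in personal or core in personal:
        problems.append("matches username or real name")
    if password.isdigit():
        problems.append("all digits")
    if _has_keyboard_run(password):
        problems.append("keyboard sequence")
    if core in words:
        problems.append("dictionary word with minor modification")
    if not re.search(r"[^a-z]", password):
        problems.append("only lowercase letters")
    return problems
```

An empty result only means that none of these specific checks fired; it does not show that a password is strong.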


Change passwords frequently

If you change your password frequently (every four to six weeks) it is less likely that your password will be cracked. If your password is cracked, changing it frequently will limit the damage a cracker can do and force them to begin cracking it all over again.

  • UWA's Pheme forces you to change your password every six months
  • other systems may have different time frames.

Changing your password

Most systems at UWA have a facility that allows you to change your password by entering:

  • your username
  • the current (or "old") password
  • a new password
  • a verification of the new password (to minimise the chance you won't know the new one because you accidentally made a typing error).

The system first asks for your old password, to ensure that only you can change your password. It then asks you to enter your new password, and to enter it again, to verify that you didn't make a typing mistake.

If you forget your password, you may need to contact the system administrator for information relating to getting a new one for that system.

It is preferable to remember your new password without writing it down. Practise your new password by logging in and out a couple of times immediately and also again later that day if possible. If you must write it down, store it safely.

Never use any example passwords given in this web page or similar documents.


Last updated:
Wednesday, 20 June, 2012 3:30 PM

http://www.bits.uwa.edu.au/1782366