Password Standards
Passwords are an extremely important part of information security, and, if not handled properly, passwords can be the weakest link in the college's defenses.
At Colorado College, we enforce the following password standards:
- passwords must be at least 14 characters long;
- passwords must contain at least 3 types of characters (a,b,c... 1,2,3... A,B,C... !,@,#);
- when resetting a password, it must be new and different from any previous password;
- passwords cannot contain your username or any part of your full name.
- passwords should not be shared with anyone, including family, assistants, or other coworkers (even ITS: staff!);
- passwords should not contain a recognizable word.
- passwords should be unique.
- Do not use the same password you have at CC for personal accounts, for example.
- The first thing hackers will try if they obtain your password is to log into online banking, credit card, amazon.com, and other services with the same credentials.
Examples
- Bad Password: Spiderman1234!
- Good Password: I6sp3i*dey2468
Passphrases
We encourage you to use a passphrase instead of a password. Passphrases are simply longer passwords that are more natural for a human to remember but much harder for a computer to crack because they are so long. A good passphrase is composed of 3 or 4 randomly chosen words that are typed including spaces. It's important that the passphrase be a random assortment of words and not an actual phrase one would hear in a sentence.
Passphrases should be at least 20 characters long, but many people find they are just as fast to type since they are much more natural and less awkward than most passwords. Remember to include at least three types of characters in your passphrase (lowercase letters, uppercase letters, numbers, and special characters). Since they are easier to remember and harder for computers to crack, passphrases are a win/win!
Examples
- Bad Passphrase: I love to study at Barnes!
- Good Passphrase: spiders bottle Clark! energy