ACCC Home Page ACADEMIC COMPUTING and COMMUNICATIONS CENTER
Accounts / Passwords Email Labs / Classrooms Telecom Network Security Software Computing and Network Services Education / Teaching Getting Help
 

Choosing a Safe Password

 

People who steal your password steal your identity. This may involve access to personal records and financial information, as well as performing illegal activities in your name. Prevent these problems by choosing a strong password.

 
   
 
     
Why You Need Passwords
  The ACCC's dialin telephone lines, its public PCs and Macs, and its UNIX workstations -- icarus.uic.edu, tigger.uic.edu, and mailserv.uic.edu -- are all shared resources. To ensure that they are only used by UIC faculty, staff, and students, we require you to login before you can use them. Your ACCC UNIX account's netid and you ACCC common password are your tickets to using any ACCC resource. (And a number of Web-based UIC and U of Illinois ones too.)

When you login, you provide two pieces of information: first, your netid to identify your account, and second, your ACCC common password, to confirm that you are the account's owner. Your netid is public knowledge -- it is part of your email address and is published in the UIC online phonebook database -- so you must make sure that you keep your password private. This document explains how to change your password and gives some hints on what to use and what not to use for your password.

When you select your ACCC common password, the password you select will go though a number of checks based on the kind of advise given in this page. So it's to your advantage to pay attention; if you don't the password changing utility will just reject your selection and you'll have to keep trying new passwords until you get something that it accepts. (I like to think that I choose good passwords -- I certainly follow all the tips in this page -- and I've had passwords rejected.)

 
     
Password Rules
 
  • Must be 8 characters long.
  • Must have at least 1 capital letter, 1 lower case letter, and 1 number or punctuation, but no spaces.
  • Cannot be based on your name, netid, or on words found in a dictionary.
  • Cannot be based on simple repeating patterns.
  • Cannot be one that you have used in the past year.
  • And you should be able to type it quickly, so someone else cannot look over your shoulder and pick it up that way.
 
     
Do NOT Do This
 
  1. Do not use personal information in your password that someone else is likely to be able to figure out. Obviously, things like your name, phone number, and address are to be avoided. Even names of acquaintances and the like should be avoided.
  2. Do not use words, geographical names, or biographical names that are listed in standard dictionaries.
  3. Never use a password that is the same as your account name.
  4. Do not use passwords that are easy to spot while you're typing them in. Avoid passwords like 12345, qwerty (i.e., all keys right next to each other), and nnnnnn.
 
     
Try This Trick
 

If you are having difficulty picking a good password, one good method is to use the first letter of each word in a phrase you can easily remember. For example, "McDonald's is your kind of place" is miykop. That will need some modification because you need an uppercase letter and a number too and it's not long enough, so how about: M'5iykop

Another method is to intentionally use misspelled words, or words with a number or punctuation mark suffixed. For example: Co77ege.
(Since the password has to be 8 characters long, the period on the end is part of the password.)

Don't use this examples!

 
     
Common Mistakes
  These are too easy to guess. Don't use them[1]. (The dictionary check should take care of most of them, but even if it doesn't, please don't try.)
  • Your name
  • Your spouse's name
  • Your parent's name
  • Your pet's name
  • Your child's name
  • Names of close friends or coworkers
  • Names of your favorite fantasy characters
  • Your boss's name
  • Anybody's name
  • The name of the operating system you're using
  • The hostname of your computer
  • Your phone number
  • Your license plate number
  • Any part of your social security number
  • Anybody's birth date
  • Other information that is easily obtained about you
  • Words such as wizard, guru, gandalf, and so on.
  • Any username on the computer in any form (as is, capitalized, etc.)
  • A word in the English dictionary
  • A place
  • A proper noun
  • Passwords of all the same letter
  • Simple patterns on the keyboard, like qwerty
  • Any of the above spelled backwards
  • Any of the above preceded or followed by one or two digits
 
     
Feel Like Changing Your Password?
 

Did reading this page inspire you to change your password? You can change your tigger, icarus, or mailserv password on the Web with the ACCC Password Change Utility. See Changing Your ACCC Password.

[1] Simson Garfinkel and Gene Spafford, Practical UNIX Security (Sebastopol, CA: O'Reilly & Associates, Inc., 1991), p. 33-34.

  

2004-10-19  ACCC Consultants
UIC Home Page Search UIC Pages Contact UIC