The Ohio State University

www.osu.edu

  1. Help
  2. Campus map
  3. Find people
  4. Webmail

Ohio State University logo Safe Computing logo

spacer Home

spacer Safety Issues
spacer Computer Theft
spacer Hoaxes
spacer Identity Theft
spacer Online Addictions
spacer Online Shopping
spacer Phishing
spacer Power Surges
spacer Social Networking Sites
spacer Spam
spacer Spyware
spacer Viruses

spacer General Safeguards
spacer Anti-spam
spacer Antivirus Software
spacer Backups
spacer Encryption
spacer Firewalls
spacer Privacy
spacer Healthy Habits
spacer Identity Management
spacer Social Security Number
spacer Network Security
spacer (Effective) Passwords
spacer Security Patches
spacer Wireless

spacer Legal Issues
spacer Software Piracy
spacer Copyright Infringement
spacer Online Harassment

spacer Getting Help
spacer Virus Problems
spacer Technical Problems
spacer Reporting Network Attacks

Create Strong, Effective Passwords

All OSU students, faculty and staff and those with guest accounts have a responsibility to keep their computing as secure as possible. Never share your OSU e-mail account with anyone else; it is against the university's Responsible Use policy. In addition, follow these rules for ensuring password security:

Create strong passwords

  • Do use a minimum of 8 characters.

  • Do use a mix of upper and lowercase letters, punctuation and numbers.

  • Don't use words found in any dictionary or proper names of any kind.

  • Don't use personal information such as birthdates, names of family members or pets, and address information, unless you modify them considerably.

How do you construct a strong password? Be creative and make it fun at the same time. For instance, build your password with the first or last letters from a favorite phrase, poem, title, song or whatever is significant to you. To strengthen it even more, change some of the letters to uppercase, numeric or punctuation characters.

As an example, construct a password around the Beatles' song "We all live in a Yellow Submarine." Use the first letter of each word, add the initial of the artists and the year the song was released, and your well-constructed password becomes B,waliays1968. This is a password that's easy for you to remember, so there is no need to write it down, yet it is very difficult to guess. Other examples:

Bad Passwords Good Passwords
tbdbitl Tb$B17l!
whiskers k!TTy,whi#Kers
gobucks gO8uc%ey3S!

Keep your passwords confidential

  • Don't share passwords associated with any of your accounts or services with friends, family or anyone else, whether by phone, in person or in e-mail.

  • Don't let others look over your shoulder as you type your password.

  • Don't write down passwords or keep them in a readable form in your office or home.

  • Don't store passwords in a file on any computer system or PDA without protecting them with strong encryption.

  • Don't use the "Remember Password" feature in web browsers, e-mail software, or other programs that connect to the Internet unless the feature is protected by strong encryption.

  • When possible, use an encrypted web page or application to log on to a service. Many web sites (such as Yahoo) offer a "secure login" feature. Although it takes an extra moment, it will protect your password from being intercepted as it's transmitted to the web site.

  • If a technical support person asks you for your password while trying to help you with a problem, be very cautious, but also understand that it may sometimes be necessary in order to duplicate your problem. Do not hesitate to question the agent about his/her use of or need for your password. If you feel you must reveal your password, first ask the agent to reset it to a temporary password, which you can change after your problem is resolved. Legitimate technical support organizations would have no problem with this request. If you reveal your password and then feel it may have been compromised, first immediately reset the password if you can and then report the incident to the issuer of the account. You can also report a compromised password to OIT's Help Desk by calling 688-4357 (8-HELP) or by sending e-mail to 8help@osu.edu.

  • As an employee, sharing your organization's passwords is considered a misuse of property and a security violation. At Ohio State, it is a violation of the university's Responsible Use Policy.

Change your passwords often. You should change your personal passwords at least once every six months and change administrative or privileged passwords quarterly. Once you create a new password, don't use it on another system or ever again.

Why not do it now? Change your password online and follow the instructions. After you respond to the questions, your new password will become effective in an hour or less.

top
computer graphic

Quick Tips

Do not share your passwords with others

Always use a combination of cases, letters, and numbers in your passwords

Be cautious about revealing a password to a technical support agent

Change passwords often, at least twice yearly
OIT | Office of CIO | TELR