Guidelines for Creating Network Passwords

Why Are Strong Passwords Important

Passwords are used to control and manage access to the Miami Dade College network. Strong passwords safeguard against identity theft. Compromised passwords expose sensitive College data and systems and put user's email and data files at risk.

One of the most common methods attackers use to guess passwords is known as a brute force attack. Attackers systematically try possible password variations until they manage to break into an account. They frequently use dictionary files to generate lists of possible passwords. By choosing passwords that are easy to remember but hard for attackers to guess, you will significantly improve the security of your identity, computer and data.

1. Passwords must be at least fifteen (15) characters long.
2. Passwords must not contain any name or nickname.
3. Passwords should contain characters from at least three (3) of the following four (4) classes:

Description Examples
• English upper case letters A, B, C, ... Z
• English lower case letters a, b, c, ...
• Numbers (0, 1, 2, ... 9)
• Non-alphanumeric ("special characters") such as punctuation symbols

4. After five bad logon attempts, the user will be locked out.
5. Passwords will expire automatically every 180 days.

Passwords should not contain dictionary words, including foreign language words, slang, jargon, or proper names. Passwords should not be based on your name, userid, birthdates, addresses, phone numbers, relatives' names or other easily identifiable personal information. However, you can combine individual syllables of words or the first letter of each word in a phrase to form your password as long as this does not result in a dictionary word.

Protecting Your Passwords

• Develop a list of five passwords that you can recycle.
• Do not write your passwords down or store them anywhere in your office
  o Keep them in an extremely secure place where others cannot find them
  o If you store passwords in a file on any computer system (including PDAs or similar devices), you must secure the system with a strong encryption and a very strong password.
• All passwords are to be treated as confidential College information.
• Do not use the passwords for College systems on any other external systems (such as, Amazon, Yahoo, Hotmail, MSN, ebay, etc.) Develop a separate list of three or more passwords for use on the Internet.
• Do not share your passwords with anyone.
• College Procedure 7900 makes you accountable for the security of your passwords. You will be held responsible for any misuse if they are guessed, disclosed, or compromised.

If you suspect your account or password has been compromised, change the password immediately.