IAS Security Hero

Password Guidelines

  • Change all default passwords. These include any passwords for initial login set by the vendor, or set by computing staff.
  • Change all null (blank) passwords. No system that can use a password should be left with an unset password.
  • Use a strong password. A strong password meets the following criteria:
    1. Required: at least 15 characters long
    2. Recommended: include upper and lowercase letters
    3. Recommended: include at least one number and special character
  • Change passwords as needed. Change a password if it does not follow this policy or if it is suspected of being compromised.
  • Do not write down passwords in a public space (e.g. no sticky note under the keyboard).
  • Use a passphrase instead of a password. This will make it complex and easy to remember.
    • Pick a song lyric, saying, or quote that you'll remember, like "We all live in a yellow submarine".
    • Change it slightly in a way you'll remember, like "We all live in a purple submarine".
    • Add mispellings to cofnuse dictioanry atacks.
    • Add numbers and punctuation, like "We all live in 5 purple submarines,".
    • Now you have a 35-character password that is unique, complex and easy to remember.