Marine Biological Laboratory
Policy No. H.2.2

Information Technology

Initiated by: Director, Information Technology
Approved by: MBL Computer Advisory Committee, MBL Director/CEO
Date: August 29, 1994
Revision: #1, July 23, 2001
Distribution: All users of the MBL Network

1.0 Policy Statement:
Insecure passwords place our network, and all networks that our users contact, at risk. This policy is intended to serve as a guide for users when selecting and changing their passwords.

2.0 Password criteria:

2.1 Minimum of 8 digits
2.2 Contain both upper and lower case letters
2.3 Contain at least one special character (i.e. ! * $ % #)

3.0 Selecting a Password

3.1 Passwords should be easy to remember.
3.2 You should be able to type your password quickly, so no one looking over your shoulder can steal it.
3.3 Suggestions for picking good passwords:

3.3.1 Combine two short words or abbreviated words separated by special characters. (red$Ball or Sea&Clam)
3.3.2 Put together an acronym: (MHALL#1 – Mary had a little lamb #1)
3.3.3 Make a sentence: (iM@seA or urOK4M)

4.0 Precautions for writing down your password:

4.1 Do not identify it as a password
4.2 Do not include the name of the account, application, or computer name
4.3 Do not attach it to ANY part of the computer, do not leave it under the keyboard, do not store it in a file on your computer
4.4 Make the written version different from the original

5.0 Examples of Bad Passwords:

5.1 Any proper name (like smith or johnm)
5.2 Any computer name (like courses, .mbl)
5.3 Phone number, license number, Social Security Number
5.4 Any word in the English or foreign dictionary
5.5 A place or proper noun (like woodshole)
5.6 Passwords with the same letter (like aaaaaaa)
5.7 Simple patterns of letters from the keyboard (like qwerty)
5.8 Any of the above spelled backwards
5.9 Any of the above followed by a single digit
5.10 Any word found in the dictionary

6.0 Passwords and Internet:
Never send your password over the internet or through E-mail.

7.0 Changing passwords:
Passwords should be changed periodically. Once every 3 months is a good practice.

8.0 Instructions for changing your password:
Instructions for changing your password can be found within most computer applications. If you need assistance, please email or call the ISD Helpdesk.

9.0 Policy Updates:
Policy clarification and updates are available from the Information Systems Division.