Password Policy

Policy No. H.2.2

Information Systems

Marine Biological Laboratory

Information Systems Division Password Policy


Initiated by:                                Director, Information Systems Division

Approved by:                              MBL Computer Advisory Committee, MBL Director/CEO

Date:                                         August 29, 1994

Revision:                                    July 23, 2001

Distribution:                                All Users of the MBL Network

1.0    Policy Statement:

Insecure passwords place our network at risk and all networks that our users contact. This

policy is intended to serve as a guide for users when selecting and changing their


2.0   Password criteria:

2.1    Minimum of 8 digits

2.2    contain both upper and lower case letters

2.3    contain at least one special character (i.e. ! * $ % #)

3.0   Selecting a Password

3.1    Passwords should be easy to remember.

3.2    You should be able to type your password quickly, so no one looking over your

shoulder can read it.

3.3    Suggestions for picking good passwords:

3.3.1    Combine two short words or abbreviated words separated by special

    characters. (red$Ball or Sea&Clam)

3.3.2   Put together an acronym: (MHALL#1 – Mary had a little lamb #1)

3.3.3   Make a sentence: (iM@seA or urOK4M)

4.0   Precautions for writing down your password:

4.1   Do not identify it as a password

4.2   Do not include the name of the account, application, or computer name

4.3   Do not attach it to ANY part of the computer, do not leave it under the keyboard, do

not store it in a file on your computer

4.4 Make the written version different from the original

5.0   Examples of Bad Passwords:

5.1   Any proper name (like smith or johnm)

5.2   Any computer name (like courses, .mbl)

5.3   Phone number, license number, Social Security Number

5.4   Any word in the English or Foreign dictionary

5.5   A place or proper noun (like woodshole)

5.6   Passwords with the same letter (like aaaaaaa)

5.7   Simple patterns of letters from the keyboard (like qwerty)

5.8   Any of the above spelled backwards

5.9   Any of the above followed by a single digit.

5.10  Any word found in the dictionary

6.0:  Passwords and Internet:

Never send your password over the internet or through E-mail.

7.0:   Changing passwords:

Passwords should be changed periodically. Once every 3 months is a good practice.

8.0:  Instructions for changing your password can be found within most computer applications.

If you need assistance, please email or call the ISD Helpdesk.

9.0   Policy Updates:

Policy clarification and updates are available from the Information Systems Division.

Need Help?

Need Help?

Contact the Help Desk by phone at 508-289-7654 or via email at (8:00 a.m. – 5:00 p.m., M-F, closed on MBL Holidays).