Policy No. H.2.2
Marine Biological Laboratory
Information Systems Division Password Policy
Initiated by: Director, Information Systems Division
Approved by: MBL Computer Advisory Committee, MBL Director/CEO
Date: August 29, 1994
Revision: July 23, 2001
Distribution: All Users of the MBL Network
1.0 Policy Statement:
Insecure passwords place our network at risk and all networks that our users contact. This
policy is intended to serve as a guide for users when selecting and changing their
2.0 Password criteria:
2.1 Minimum of 8 digits
2.2 contain both upper and lower case letters
2.3 contain at least one special character (i.e. ! * $ % #)
3.0 Selecting a Password
3.1 Passwords should be easy to remember.
3.2 You should be able to type your password quickly, so no one looking over your
shoulder can read it.
3.3 Suggestions for picking good passwords:
3.3.1 Combine two short words or abbreviated words separated by special
characters. (red$Ball or Sea&Clam)
3.3.2 Put together an acronym: (MHALL#1 – Mary had a little lamb #1)
3.3.3 Make a sentence: (iM@seA or urOK4M)
4.0 Precautions for writing down your password:
4.1 Do not identify it as a password
4.2 Do not include the name of the account, application, or computer name
4.3 Do not attach it to ANY part of the computer, do not leave it under the keyboard, do
not store it in a file on your computer
4.4 Make the written version different from the original
5.0 Examples of Bad Passwords:
5.1 Any proper name (like smith or johnm)
5.2 Any computer name (like courses, .mbl)
5.3 Phone number, license number, Social Security Number
5.4 Any word in the English or Foreign dictionary
5.5 A place or proper noun (like woodshole)
5.6 Passwords with the same letter (like aaaaaaa)
5.7 Simple patterns of letters from the keyboard (like qwerty)
5.8 Any of the above spelled backwards
5.9 Any of the above followed by a single digit.
5.10 Any word found in the dictionary
6.0: Passwords and Internet:
Never send your password over the internet or through E-mail.
7.0: Changing passwords:
Passwords should be changed periodically. Once every 3 months is a good practice.
8.0: Instructions for changing your password can be found within most computer applications.
If you need assistance, please email email@example.com or call the ISD Helpdesk.
9.0 Policy Updates:
Policy clarification and updates are available from the Information Systems Division.