H.2.2 Passwords
Marine Biological Laboratory
Policy No. H.2.2
Information Technology
Initiated by:Director, Information Technology
Approved by:MBL Computer Advisory Committee, MBL Director/CEO
Date:August 29, 1994
Revision:#1, July 23, 2001
Distribution:All users of the MBL Network
1.0 Policy Statement:
Insecure passwords place our network at risk and all networks that our users contact. This policy is intended to serve as a guide for users when selecting and changing their passwords.
2.0 Password criteria:
- 2.1 Minimum of 8 digits
- 2.2 contain both upper and lower case letters
- 2.3 contain at least one special character (i.e. ! * $ % #)
3.0 Selecting a Password
- 3.1 Passwords should be easy to remember.
- 3.2 You should be able to type your password quickly, so no one looking over your shoulder can steal it.
- 3.3 Suggestions for picking good passwords:
- 3.3.1 Combine two short words or abbreviated words separated by special characters. (red$Ball or Sea&Clam)
- 3.3.2 Put together an acronym: (MHALL#1 – Mary had a little lamb #1)
- 3.3.3 Make a sentence: (iM@seA or urOK4M)
4.0 Precautions for writing down your password:
- 4.1 Do not identify it as a password
- 4.2 Do not include the name of the account, application, or computer name
- 4.3 Do not attach it to ANY part of the computer, do not leave it under the keyboard, do not store it in a file on your computer
- 4.4 Make the written version different from the original
5.0 Examples of Bad Passwords:
- 5.1 Any proper name (like smith or johnm)
- 5.2 Any computer name (like courses, .mbl)
- 5.3 Phone number, license number, Social Security Number
- 5.4 Any word in the English or Foreign dictionary
- 5.5 A place or proper noun (like woodshole)
- 5.6 Passwords with the same letter (like aaaaaaa)
- 5.7 Simple patterns of letters from the keyboard (like qwerty)
- 5.8 Any of the above spelled backwards
- 5.9 Any of the above followed by a single digit.
- 5.10 Any word found in the dictionary
6.0 Passwords and Internet:
Never send your password over the internet or through E-mail.
7.0 Changing passwords:
Passwords should be changed periodically. Once every 3 months is a good practice.
8.0 Instructions for changing your password:
Instructions for changing your password can be found within most computer applications. If you need assistance, please email helpdesk@mbl.edu or call the ISD Helpdesk.
9.0 Policy Updates:
Policy clarification and updates are available from the Information Systems Division.