H.2.2 Passwords

Marine Biological Laboratory
Policy No. H.2.2

Information Technology

Initiated by:Director, Information Technology
Approved by:MBL Computer Advisory Committee, MBL Director/CEO
Date:August 29, 1994
Revision:#1, July 23, 2001
Distribution:All users of the MBL Network

1.0 Policy Statement:
Insecure passwords place our network at risk and all networks that our users contact. This policy is intended to serve as a guide for users when selecting and changing their passwords.

2.0 Password criteria:

  • 2.1 Minimum of 8 digits
  • 2.2 contain both upper and lower case letters
  • 2.3 contain at least one special character (i.e. ! * $ % #)

3.0 Selecting a Password

  • 3.1 Passwords should be easy to remember.
  • 3.2 You should be able to type your password quickly, so no one looking over your shoulder can steal it.
  • 3.3 Suggestions for picking good passwords:
    • 3.3.1 Combine two short words or abbreviated words separated by special characters. (red$Ball or Sea&Clam)
    • 3.3.2 Put together an acronym: (MHALL#1 – Mary had a little lamb #1)
    • 3.3.3 Make a sentence: (iM@seA or urOK4M)

4.0 Precautions for writing down your password:

  • 4.1 Do not identify it as a password
  • 4.2 Do not include the name of the account, application, or computer name
  • 4.3 Do not attach it to ANY part of the computer, do not leave it under the keyboard, do not store it in a file on your computer
  • 4.4 Make the written version different from the original

5.0 Examples of Bad Passwords:

  • 5.1 Any proper name (like smith or johnm)
  • 5.2 Any computer name (like courses, .mbl)
  • 5.3 Phone number, license number, Social Security Number
  • 5.4 Any word in the English or Foreign dictionary
  • 5.5 A place or proper noun (like woodshole)
  • 5.6 Passwords with the same letter (like aaaaaaa)
  • 5.7 Simple patterns of letters from the keyboard (like qwerty)
  • 5.8 Any of the above spelled backwards
  • 5.9 Any of the above followed by a single digit.
  • 5.10 Any word found in the dictionary

6.0 Passwords and Internet:
Never send your password over the internet or through E-mail.

7.0 Changing passwords:
Passwords should be changed periodically. Once every 3 months is a good practice.

8.0 Instructions for changing your password:
Instructions for changing your password can be found within most computer applications. If you need assistance, please email helpdesk@mbl.edu or call the ISD Helpdesk.

9.0 Policy Updates:
Policy clarification and updates are available from the Information Systems Division.