Passwords are an important aspect of computer security. They are the front line of protection for user accounts. A poorly chosen password may compromise Murray State University’s resources. As such, all students, faculty, staff, or individuals external to MSU who use MSU information technology resources are responsible for taking the appropriate steps, as outlined below, to select and secure their passwords.

2.0 Purpose

The purpose of this policy is to establish a standard for creation of strong passwords, the protection of those passwords, and the frequency of change. Any questions or comments about this policy should be directed to Information Systems.

3.0 Scope

The scope of this policy includes all individuals (students, faculty, staff, or individuals external to MSU) who have or are responsible for an account (or any form of access that supports or requires a password) on any system that resides at any Murray State University facility, has access to the Murray State University network, or stores any Murray State University information regardless of location.

4.0 Policy

4.1 General
4.2 Guidelines

4.2.1 General Password Construction Guidelines

Some of the more common uses of passwords include: user level accounts, web accounts, email accounts, screen saver protection, voice mail password, and local router logins. Since very few systems have support for one-time tokens (i.e., dynamic passwords which are only used once), everyone should be aware of how to select strong passwords.

Weak passwords have the following characteristics which must be avoided:
Strong passwords have the following characteristics which will be followed regardless of system imposed restrictions:
Passwords should never be written down or stored online. Try to create passwords that can be easily remembered. One way to do this is to create a password based on a song title, affirmation, or other phrase. For example, the phrase might be: "This May Be One Way To Remember" and the password could be: "TmB1w2R!" or "Tmb1W>r~" or some other variation.

NOTE: Do not use any of these examples as passwords!

4.2.2 Password Protection Standards

Do not use the same password for Murray State University accounts as for other non-Murray State University access (e.g., personal ISP account, personal email, forums, etc.). Where possible, don't use the same password for various Murray State University access needs.

Do not share Murray State University passwords with anyone, including administrative assistants or secretaries. All passwords are to be treated as sensitive, confidential Murray State University information.

Compliance with the following is required:
If someone demands a password, refer them to this document or have them call the Information Security Officer.

If an account or password is suspected to have been compromised, report the incident immediately to the Information Security Officer and change all passwords.

Password cracking or guessing may be performed on a periodic or random basis by the Information Security personnel. If a password is guessed or cracked during one of these scans, the user will be required to change it.

4.2.3 Application Development Standards

Application developers must ensure their programs contain the following security precautions. Applications:
4.2.4 Pass phrases

Pass phrases are generally used for public/private key authentication. A public/private key system defines a mathematical relationship between the public key that is known by all, and the private key, that is known only to the user. Without the pass phrase to "unlock" the private key, the user cannot gain access.

Pass phrases are not the same as passwords. A pass phrase is a longer version of a password and is, therefore, more secure. A pass phrase is typically composed of multiple words. Because of this, a pass phrase is more secure against "dictionary attacks."

A good pass phrase is relatively long and contains a combination of upper and lowercase letters and numeric and punctuation characters. An example of a good pass phrase:

"ThekrazyTrafficOn$*($%@)(WasnUtsThisMorning"

All of the rules above that apply to passwords apply to pass phrases.

5.0 Enforcement

Anyone found to have violated this policy may be subject to disciplinary action, up to and including suspension of access to technology resources or termination of employment. Students may be referred to Student Affairs for discipline. A violation of this policy by a temporary worker, contractor or vendor may result in action up to and including termination of their contract or assignment with Murray State University.

6.0 Definitions

Application Administration Account: Any account that is for the administration of an application (e.g., Oracle database administrator, SAN administrator).

SNMP (Simple Network Management Protocol): SNMP is used in network management systems to monitor network-attached devices for conditions that warrant administrative attention.

Which of the following is a weak password?

Poor, weak passwords have the following characteristics: The password contains fewer than eight characters. The password is a word found in a dictionary (English or foreign). Names of family, pets, friends, coworkers, fantasy characters, etc.
What are 4 features of a strong password?

A strong password is:
- At least 12 characters long but 14 or more is better.
- A combination of uppercase letters, lowercase letters, numbers, and symbols.
- Not a word that can be found in a dictionary or the name of a person, character, product, or organization.
- Significantly different from your previous passwords.

What are five qualities of a weak Internet password?

7 Characteristics of Weak Passwords (Infographic):
- Repeating previously used passwords.
- Names of close family members or friends.
- Your name.
- Words in the dictionary.
- Common names.
- Repeating your login code.
- Keyboard patterns and swipes (i.e., 123456 or QWERTY).

Which of the following are features of a strong password?

Try to incorporate symbols, numbers, and even punctuation into your password, but avoid clichés like an exclamation point at the end or a capital letter at the beginning. The more diverse your characters are, the more complex it is, and the longer it would take to crack.