Computing Password Guidelines

Passphrase and Password Details

Passwords are the currency of the Digital Age. Strong passwords are critical to prevent unauthorized access to any electronic accounts and devices, either yours or those of Macalester College. If one password is breached, all of the computers on the network are potentially put at risk from hackers, viruses or worms. It is everyone’s responsibility to protect the computing resources of the College. A network is only as strong as its weakest password.

The first line of defense is to create the strongest password possible to protect computers, data, and online accounts.  Recognizing that strong passwords can be difficult to remember, here are recommendations for achieving this goal at Macalester.

Passphrase Method (Recommended)

Make it Long. Length is the most important factor in the strength of a password. Macalester passwords can be between 8 and 30 characters.

Use a Passphrase. For security purposes Macalester strongly recommends using the Passphrase method of creating passwords with a minimum length of 15 characters. The Passphrase method combines several randomly chosen words with numbers mixed in for added strength. Do not use usernames, addresses, ID numbers, phone numbers, names of pets or family members, etc. Visit passphra.se for suggestions.

Mix Letters and Numbers. Use a mix of upper and lower case letters and numbers. Do not use spaces or underscores.

Change it yearly. Passphrases and passwords should be changed every 12 months.
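The following is an added example, not part of Macalester's guidelines or tooling: it builds a passphrase as the Passphrase method describes and checks it against the rules above. The word list is a small constructed sample and the function names are hypothetical; a real generator should draw from a list of several thousand words.

```python
import math
import secrets
import string

# Constructed sample list for illustration only (assumption, not from the page).
WORDS = ["anchor", "breeze", "cactus", "dynamo", "ember", "fjord", "garnet",
         "harbor", "island", "jigsaw", "kettle", "lantern", "meadow", "nectar",
         "orchid", "pepper"]

MIN_LEN, MAX_LEN = 15, 30  # page: 15 is the recommended minimum, 30 the maximum


def meets_guidelines(pw):
    """Check length, upper/lower/digit mix, and absence of spaces and underscores."""
    return (MIN_LEN <= len(pw) <= MAX_LEN
            and any(c.islower() for c in pw)
            and any(c.isupper() for c in pw)
            and any(c.isdigit() for c in pw)
            and not any(c in " _" for c in pw))


def generate_passphrase(words=WORDS, n_words=4, n_digits=2):
    """Join randomly chosen capitalized words and mix digits in at random positions."""
    for _ in range(100):
        # secrets uses the OS CSPRNG; the random module is not suitable here.
        parts = [secrets.choice(words).capitalize() for _ in range(n_words)]
        for _ in range(n_digits):
            position = secrets.randbelow(len(parts) + 1)
            parts.insert(position, secrets.choice(string.digits))
        candidate = "".join(parts)
        if meets_guidelines(candidate):
            return candidate
    raise ValueError("parameters cannot satisfy the length and character rules")


def entropy_bits(list_size, n_words=4, n_digits=2):
    """Approximate entropy from word and digit choices alone (digit placement ignored)."""
    return n_words * math.log2(list_size) + n_digits * math.log2(10)


if __name__ == "__main__":
    print(generate_passphrase())
    print(f"16-word sample list: {entropy_bits(len(WORDS)):.1f} bits")
    print(f"7776-word list:      {entropy_bits(7776):.1f} bits")
```

The entropy figures show why the size of the word list matters: the same four-word, two-digit pattern is far weaker when the words come from a short list.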

Alternative Strong Password Method

This is sometimes called the Mnemonic method because it uses the first letters of words in familiar, memorable sentences. You can make up your own “rules” (e.g., when to use uppercase vs. lowercase); as long as you’re consistent, it should be easy to both create and remember your passwords.

  1. Start with a sentence or two (about 10 words total).
    Suggestion: Think of something meaningful to you such as a song, poem or saying.
    Example: Long and complex passwords are safest. I keep mine secret. (10 words)
  2. Turn your sentences into a row of letters.
    Suggestion: Use the first letter of each word.
    Example: lacpasikms (10 characters)
  3. Add complexity.
    Suggestion: Make only the letters in the first half of the alphabet uppercase.
    Example: lACpAsIKMs (10 characters)
  4. Add length with numbers.
    Suggestion: Put two numbers that are meaningful to you between the two sentences.
    Example: lACpAs56IKMs (12 characters)

Protect your Passphrase/Password

Treat your passwords with as much care as you treat the information that they protect. Use strong passwords or passphrases to log in to any site where you enter sensitive information such as credit card numbers, grades, financial or personal information—including social networking sites.

  1. Never provide your password or passphrase over email or in response to an email request.
    Internet "phishing" scams use fraudulent email messages to entice you to reveal your user names and passwords, steal your identity, and more.
  2. Do not type passwords/passphrases on computers that you do not control.
    Computers such as those in Internet cafes, computer labs, kiosk systems, conferences, and airport lounges should be considered unsafe for any personal use other than anonymous Internet browsing.
  3. Don't reveal passwords to others.
  4. Protect any recorded passwords or passphrases.
    Don't store passwords or passphrases unprotected in your computer.  We do recommend using a secure password vault product such as LastPass or KeePass.
  5. Use more than one password.
    Use different passwords and/or passphrases for different Web sites and services.
  6. Test your password and/or passphrase.
    Use a password checker such as https://www.microsoft.com/security/pc-security/password-checker.aspx.