Creating strong passwords

Password Policy Summary/Overview       

  • Applies to everyone with access to any password protected computer resource @ Metro.

  • Requires use of strong passwords that are difficult to guess and/or figure out.

  • Are chosen, stored, and managed appropriately, including:

    • Initially changed at the beginning of 2007

    • Changed at least every 120 days (or the beginning of each semester)

    • Changed whenever a compromise is suspected

    • Are not posted on, under, or around the computer or workspace

  • Are not shared with anyonePossible non-compliance consequences are:Suspension of access to computer resources

  • Disciplinary action from warning to termination/expulsion

  • Civil and/or criminal proceedings

 

Password requirements

  • Passwords for Metro computing resources must be different from non-Metro computing resources
  • Passwords must be changed at least every 120 days (once per semester)

Passwords must contain

  • At least 8 characters
  • At least 2 uppercase letters (A-Z)
  • At least 2 lowercase letters (a-z)
  • At least 2 digits (0-9)

Passwords must not contain

  • Simple sequences (12345, abcde)
  • Single dictionary words (in any language)
  • Any part of your name, ID, SSN, username, birthday, anniversary, spouse/child's/pet's name, or phone number

Quick Notes

  • Old passwords must not be reused for at least one year.
  • At least 3 characters from previous password must be changed.
  • Do not use Remember my login/password or Automatic Login options.

 

Tips for Creating and Remembering Strong Passwords

  • The easiest way to remember a complex password is to develop your own personal pattern to create them.  Following the above requirements, your pattern will determine which letters are uppercase, which are lowercase, and where digits will be placed.  When you stick with your pattern each time you create your password, all you will need to remember are the words you have chosen each time you recreate it.  The rest will remain the same.
  • We suggest that when prompted to change your Windows password, you also change all your passwords.  Then change them all again at the beginning of each semester.  This will eliminate having to make staggered changes.
  • It is strongly suggested that using only common, well-known substitutions be avoided (i.e. M1cr0$0ft for Microsoft, or P@$$w0rd for Password).  These are relatively easy to figure out.
  • Here are some examples to help you create strong passwords that are easy to remember.

    • Example 1:

      • Select a memorable line from a song, movie, or book.

        • Example: Raindrops keep falling on my head.

      • Choose the first letter of each word.

        • Example:  rkfomh

      • Capitalize every other letter.  

        • Example:  RkFoMh

      • Add a digit after the first, third, and fifth letters.

        • Example:  R3kF6oM9h

      • Your new password is: R3kF6oM9h

    • Example 2:

      • Select a sentence that is memorable to you.

        • Example: My son Aidan was three in the fall.

      • Combine the first letters of each word in the sentence.

        • Example:  msawtitf

      • Place digits in the 3rd and 6th positions.

        • Example:  ms8aw3titF

      • Capitalize the 1st, 2nd, and last letters.

        • Example:  MS8aw3titF 

      • Your new password is: MS8aw3titF

    • Example 3:

      • Select 2 or more unrelated words

        • Example: counter grateful

      • Capitalize every 3rd letter in the first word, and the first and last in the 2nd word

        • Example:  CouNteRGratefuL

      • Place 2 digits between the 2 words

        • Example:  CouNteR1Gr8fuL

      • Your new password is: CouNteR1Gr8fuL

 *Note: To increase security, unique passwords should be used for each of the Metro resources: Academia, Admin and Banner.