Password Guidelines
The following guidelines are intended to help you protect your password. The minimum standards for passwords are defined in the University IT document "IT Security Standards".
Choose your password carefully.
- When allowed by the applications you are using, use at least 8 characters for each password.
- Do not use repetitive characters. Passwords with repetitive characters are easier to determine.
- Select a password that combines alpha, numeric, non-alphanumeric, and upper/lower case characters. The longer the password, the more difficult it will be to compromise.
- Do not base passwords on a familiar word, or on words that can be associated with you in any form (as-is, reversed, doubled, etc.). This includes names of family members or pets, parts of your license plate, brand of automobile, street address, phone number or significant date.
- Choose a password that is easy to remember and that can be typed quickly without the need to look at the keyboard. One idea for selecting an effective password is to use the first letter of each word of a phrase, song or poem that is familiar to you (e.g., 1wbitbNY = 'I was born in the Bronx, New York'). This example includes the substitution of the number "1" for the letter "I".
Keep your password safe.
- Securely file or destroy paperwork that includes user-id and password information.
- Do not write down your password and leave it in an insecure environment. If the choice is between a password that you can remember but that can also be easily guessed, and one that you must write down, then it is better to write it down and store it in a wallet or other secure place. If the password is written down, it should not be identifiable as a password, nor be coupled with the associated ID.
- Do not select the check box to save your password in your web browser, and do not save passwords in the macros or scripts of a PC connection application, since others may gain access to your hardware. Do not store passwords in data files.
- Do not share your password with anyone else.
- Change your password periodically and do not reuse old passwords.
- When visiting remote web sites that require a user ID, e-mail address and password, use a password different from your Central Directory Service password. Using the same password jeopardizes the University of Connecticut systems and data.
Last updated on June 17, 2004