University of Rochester
 

Passwords

Contact Us: 585-275-1823 Email help:

Background

As of March 2004, passwords expire periodically and new passwords are held to higher security standards.

Passwords are an important line of defense against hackers and crackers who would deface our Web sites or otherwise disrupt our Web servers and networks. Our Web server is now mission critical to the university and it is all of our responsibility to help protect it. Passwords can be an open or closed door for hackers and crackers. We prefer to close the door on unauthorized access to our server. We need your help to do that.

Because of increasing security concerns regarding hackers breaking into our system we must insist on stronger passwords.

Passwords will expire on first login to the new system. This means you cannot work on the new Web server until you reset your password. Additionally, you will be required to change your password every four months. You will be notified prior to expiration by email.

What is a strong password?

  • Is not a word in any language or derivable from one
  • Has at least one instance of three of the following
    • Uppercase letters
    • Lowercase letters
    • Punctuation (any on your keyboard)
    • Numbers
  • Does not repeat characters more than twice
  • Is not the same as your last password

How does one change a password?

If you do not know your existing password you will need to go to the University IT Center in Rush Rhees Library with your university ID and username to request a reset on www.wdev.rochester.edu.

If you know your existing password, use your Web browser to go to this address: https://www.wdev.rochester.edu/password/ This is the self-service password reset utility. Fill in the fields, submit the form, and you will have reset your password.

If your new password does not meet the new higher security standards the system will provide hints for how to meet the guidelines.

The object when choosing a password is to make it as difficult as possible for a cracker (a person who cracks passwords) to make educated guesses about what you've chosen.

A password will NOT be accepted if it:

  • Is less than 6 characters long.
  • Matches anything in your account information, such as your login name, office phone number, etc.
  • Has more than 3 repeated characters -- thus "aaa" would be rejected.
  • Matches or resembles any word found in any dictionary of any language. Crackers are international and multilingual.

Picking good passwords:

  • The perfect password is eight characters long, completely random and follows the guidelines below. However, most people find that difficult to remember. So let us look at what can be done.
  • It should contain at least one instance of three of the following: at least one lower case letter (a-z), one upper case letter (A-Z), digit (0-9), or punctuation character (such as `.', `,' or `-' or any punctuation on the keyboard).
  • It cannot be simply a word or a name. Crackers have online dictionaries in all languages, and names relevant to you can be obtained from publicly available records. Yes, they will go to these lengths to get in.
  • The password cannot be only lower-case or upper-case letters.
  • It cannot be only digits.
  • The password must be six or more characters long, up to eight. Longer is better.
  • It should be easy to remember, so you don't have to write it down.

 

  • Type your password in privacy. If you are in a public lab, obscure your typing. This makes it harder for someone to steal your password by watching over your shoulder.
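
The rejection rules and the three-of-four character-class guideline above can be expressed as a checker that returns hints, in the spirit of the hints the reset utility is said to provide. This is an added example, not the University's code: the function names, the tiny word list, the look-alike table, and the reading of the repeat rule as "three identical characters in a row" (following the "aaa" example) are all assumptions.

```python
import re
import string

MIN_LEN, MAX_LEN = 6, 8          # length bounds stated on this page
# Constructed stand-in for a real multi-language wordlist.
SAMPLE_WORDS = {"password", "rochester", "secret", "dragon", "bonjour"}
# Assumed notion of "resembles": undo common look-alike substitutions.
LOOKALIKES = str.maketrans("013457@$!", "oleastasi")


def letters_only(text):
    """Lowercase, map look-alike characters to letters, drop the rest."""
    return re.sub(r"[^a-z]", "", text.lower().translate(LOOKALIKES))


def class_count(pw):
    """How many of the four character classes appear in pw."""
    tests = (str.isupper, str.islower, str.isdigit,
             lambda c: c in string.punctuation)
    return sum(any(t(c) for c in pw) for t in tests)


def password_hints(new_pw, account_info=(), last_pw=None, words=SAMPLE_WORDS):
    """Return a list of hints; an empty list means the password passes."""
    hints = []
    if not MIN_LEN <= len(new_pw) <= MAX_LEN:
        hints.append(f"use {MIN_LEN} to {MAX_LEN} characters")
    if class_count(new_pw) < 3:
        hints.append("mix three of: upper, lower, digit, punctuation")
    # Assumption: the repeat rule means a run of three, as in "aaa".
    if re.search(r"(.)\1\1", new_pw):
        hints.append("do not repeat a character three times in a row")
    if last_pw is not None and new_pw == last_pw:
        hints.append("do not reuse your last password")
    # Assumption: "matches account information" is a substring match.
    lowered = new_pw.lower()
    if any(item and item.lower() in lowered for item in account_info):
        hints.append("do not include your account information")
    core = letters_only(new_pw)
    if core in words or core[::-1] in words:
        hints.append("do not base the password on a dictionary word")
    return hints
```

A password such as "Dr@g0n" satisfies the length and character-class rules but is still flagged, because undoing the substitutions yields a dictionary word.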

Ways to come up with a hard to guess/crack (but easy to remember) password:

  • Misspell a word (using the other guidelines included).
  • Take two short words, capitalize one or more letters and put them together with punctuation marks or numbers in between.
  • Choose a line or two from a song or poem and use the first letter of each word.
  • Create words which mimic easily remembered sounds.

Password security:

You will have to change your password every four months. (That way, if someone has guessed your password, they'll lose the ability to use your account.)

Never tell anyone your password.

Don't tell anyone who asks for it. No one else has a legitimate reason to know it. Not even our support or system staff. Don't share your account with other people - if you share your account, then you'll never know how far the password has spread, and you will be responsible for whatever is done with your account. Remember, when you requested your account you agreed to not share it in any way. If another person needs an account and has a legitimate need they can have one of their own. They should fill out our application form at: http://www.rochester.edu/its/web/IPA/

Don't write your password down. In particular, don't write it down on anything in your work area, and especially not online in a file. (Keeping it in your wallet is acceptable, but don't show it to others.) Do not put it under your keyboard or on a Post-it, or even stick it to the underside of a drawer. Crackers know ALL the usual places to look. Do not put it in an organizer that is ever out of your possession without turning on password protection in the organizer.

If you have difficulty with this process or need further clarification call the University IT Center at 5-2000 or contact your primary Web support person. or email



Last Modified: Sunday, 29-Apr-2007 13:45:21 EDT