Getting Help: Changing Your Password

Account Management

Data stored on computers, servers and in email is often confidential. Security of this information is maintained by creating secure passwords that cannot be guessed or found through the use of a password cracking program. Even if you do not feel your data is confidential, hackers often use systems that do not contain confidential data as a way to access secured data. One way to help protect your information is to maintain good password management.

What are the password rules?
All users will be moved to a password scheme requiring passwords to expire every 90 days, the passwords must be six characters in length and contain at least one alpha and one numeric character, and passwords cannot be reused.

How do I manage my account?
As the College moves to more integrated systems, more and more data will be accessed with the same password. This password is called your Universal Password.

You can maintain your account via our Change Your Password page, which is acccessible from any page in the Office of Information Technology website. It's the second link from the right in the grey menubar above.

Change Password
When you click the Change Password button, your password for email, network file space (Novell), wireless, VPN, and web pages will be reset. If your password has expired, please contact the Help Desk for direction on how to have your password reset.

Creating, Maintaining, and Protecting Passwords

Why are passwords important?
Passwords are an important aspect of computer security. Poorly chosen passwords increase the likelihood of account compromise and unauthorized access to user data. Computer crackers frequently begin an assault on a particular system by compromising the account of an individual user with a poorly chosen password. Once the cracker has this foothold, he or she then seeks to obtain administrative access to the target system by exploiting vulnerabilities in the operating system and related software. If successful, the cracker can gain access to the data of all users stored on the system. Users therefore have a collective responsibility to help secure the data stored on College computers by selecting strong passwords.

General password construction guidelines
Poor, weak passwords have the following characteristics:

The password contains less than eight characters
The password is a word found in a dictionary
The password is a common usage word such as:

names of family members, pets, co-workers, fictional characters, etc.
computer terms and names, commands, sites, etc.
birthdates, addresses, phone numbers, etc.
word or number patterns like aaabbb, qwerty, zyxwvuts, 123321, etc.
any of the above spelled backwards
any of the above preceded or followed by a digit (e.g., secret1, 1secret)

Strong passwords have the following characteristics:

Contain both upper and lower case characters
Have digits and punctuation characters as well as letters
Are at least eight alphanumeric characters long
Are not a word in any language, slang, dialect, jargon, etc.
Are not based on personal information, names of family, etc.

Given these guidelines, it can be daunting to come up with a strong password that isn't difficult to remember. One technique starts with the selection of a favorite song lyric or literary quote. The first letter of each word in the phrase then forms the basis for the new password. Substituting numbers or symbols for some of the characters then strengthens the password.

For example, the Wooster fight song begins, "Hail to the black and gold, cheer for the team." If you take the first letter of each word, you have:

httbagcftt

Next, either add a number or symbol, or change some letters to numbers or symbols. This yields:

httb&gc4tt

Finally, mixing in some upper case letters in logical places, we have the following new password:

Httb&gC4tt

As you can see, this password is difficult to guess — even by a program written expressly to guess passwords — but is relatively easy to remember.

Protecting your password
Passwords should never be revealed to anyone for any reason. No one from the Office of Information Technology will ever ask you for your password. If you receive a request for your password from any source, report the matter to the Help Desk at x4357.

Passwords should be changed every ninety days.

Passwords should never be written down or stored on any computer system (including Palm Pilots or similar devices) without strong encryption.

Forgotten passwords
Students must bring their College of Wooster ID to the Office of Information Technology on the fourth floor of Morgan to have their password reset.

Faculty and Staff members should contact the Help Desk to have their password reset.

1 The Office of Information Technology
Home	Getting Help	Computing Resources	The Office of IT	Change Your Password	The Office of IT Blog

Getting Help Help Desk Services Policies & Procedures Help for... Alumni Faculty & Staff Parents Students Help with... Changing Your Password Copiers & Printers Creating a Web Page E-mail Networking & Wireless Scotweb Telephone & Cable TV Viruses & Spyware Woodle * * * * * * * * Information on recommended computer systems for incoming students * * * * * * * *	Getting Help: Changing Your Password Account Management Data stored on computers, servers and in email is often confidential. Security of this information is maintained by creating secure passwords that cannot be guessed or found through the use of a password cracking program. Even if you do not feel your data is confidential, hackers often use systems that do not contain confidential data as a way to access secured data. One way to help protect your information is to maintain good password management. What are the password rules? All users will be moved to a password scheme requiring passwords to expire every 90 days, the passwords must be six characters in length and contain at least one alpha and one numeric character, and passwords cannot be reused. How do I manage my account? As the College moves to more integrated systems, more and more data will be accessed with the same password. This password is called your Universal Password. You can maintain your account via our Change Your Password page, which is acccessible from any page in the Office of Information Technology website. It's the second link from the right in the grey menubar above. Change Password When you click the Change Password button, your password for email, network file space (Novell), wireless, VPN, and web pages will be reset. If your password has expired, please contact the Help Desk for direction on how to have your password reset. Creating, Maintaining, and Protecting Passwords Why are passwords important? Passwords are an important aspect of computer security. Poorly chosen passwords increase the likelihood of account compromise and unauthorized access to user data. Computer crackers frequently begin an assault on a particular system by compromising the account of an individual user with a poorly chosen password. Once the cracker has this foothold, he or she then seeks to obtain administrative access to the target system by exploiting vulnerabilities in the operating system and related software. If successful, the cracker can gain access to the data of all users stored on the system. Users therefore have a collective responsibility to help secure the data stored on College computers by selecting strong passwords. General password construction guidelines Poor, weak passwords have the following characteristics: The password contains less than eight characters The password is a word found in a dictionary The password is a common usage word such as: names of family members, pets, co-workers, fictional characters, etc. computer terms and names, commands, sites, etc. birthdates, addresses, phone numbers, etc. word or number patterns like aaabbb, qwerty, zyxwvuts, 123321, etc. any of the above spelled backwards any of the above preceded or followed by a digit (e.g., secret1, 1secret) Strong passwords have the following characteristics: Contain both upper and lower case characters Have digits and punctuation characters as well as letters Are at least eight alphanumeric characters long Are not a word in any language, slang, dialect, jargon, etc. Are not based on personal information, names of family, etc. Given these guidelines, it can be daunting to come up with a strong password that isn't difficult to remember. One technique starts with the selection of a favorite song lyric or literary quote. The first letter of each word in the phrase then forms the basis for the new password. Substituting numbers or symbols for some of the characters then strengthens the password. For example, the Wooster fight song begins, "Hail to the black and gold, cheer for the team." If you take the first letter of each word, you have: `httbagcftt` Next, either add a number or symbol, or change some letters to numbers or symbols. This yields: `httb&gc4tt` Finally, mixing in some upper case letters in logical places, we have the following new password: `Httb&gC4tt` As you can see, this password is difficult to guess — even by a program written expressly to guess passwords — but is relatively easy to remember. Protecting your password Passwords should never be revealed to anyone for any reason. No one from the Office of Information Technology will ever ask you for your password. If you receive a request for your password from any source, report the matter to the Help Desk at x4357. Passwords should be changed every ninety days. Passwords should never be written down or stored on any computer system (including Palm Pilots or similar devices) without strong encryption. Forgotten passwords Students must bring their College of Wooster ID to the Office of Information Technology on the fourth floor of Morgan to have their password reset. Faculty and Staff members should contact the Help Desk to have their password reset.	The Office of Information Technology Morgan Hall, 4th Floor (330) 287-3000, xHELP IT-Request@wooster.edu Monday - Friday 8:00am - 5:00pm (major holidays excepted)
© 2008 The College of Wooster · Last modified: July 03, 2007