February 10, 2010
In 2007 the University of Maine System, in cooperation with the seven campuses, drafted and accepted an Administrative Practice Letter (APL) titled Strong Passwords, to increase the use of better passwords for computer systems. The letter was in-line with technology practice, but ahead of what could be implemented by the many computer systems across the University system. We are now in a position to implement the spirit of this practice on the USM network. Starting mid-January (2010) new password restrictions will be put in place.
This will affect you the next time you change your password. Your new password will have to adhere to some specific complexity requirements to ensure it is “secure.”
Specifically, your new password will need to:
- contain upper and lowercase letters
- contain at least one special character (!@#$%^&*…) or digit (0-9)
- be at least 8 characters in length
- not be a recognizable word
- be changed at least every 180 days
- not be the same as one of your 10 most recent passwords
The USM Password change web site has been modified to display additional information, when changing your password, about these restrictions. It will require your new password to adhere to these standards and guide you in choosing a good password.
In addition, the password generator has been updated to provide a random selection of suitable passwords.
Understandably, complex passwords are hard to remember as well as being hard to crack or guess. For this reason, if you cannot remember your new password, feel free to write it down and keep it where you keep your other personal information (like debit cards and licenses). For more information on this recommendation, please take a look at our previous post How to Change Your USM Password.
[Update 3/31/2010 by Houser] How I’d Hack Your Weak Password; article on why and how to select good passwords.