Information Technology

Protecting Your Passwords

Passwords are used just about everywhere, to protect just about everything. Follow the tips below to make sure that your use of passwords is secure.

Picking a Password

The first step in password security is making sure that you follow good password selection practices.

Choose a Strong Password

Hackers use special programs called password crackers to try to guess users' passwords. To defend against these tools, it's important to choose a strong password. Passwords used to access New School systems and applications:

  1. Must be at least 8 characters long (10 or 12 characters is better)
  2. Must contain characters from at least three of the following categories:
    • Uppercase letters: A through Z
    • Lowercase letters: a through z
    • Base 10 digits: 0 through 9
    • Non-alphanumeric characters: ~!@#$%^&*_-+=`|\(){}[]:;"'<>,.?/  
  3. Must not contain your NetID
  4. Must not contain elements of your full name
  5. Must not be the same as any of your last seven passwords

We also recommend that you avoid choosing things that are easily discovered about you (for example, by looking at the pictures on your desk or reading your Facebook page) like names of relatives or pets, names of streets or towns where you've lived, names of schools you've attended, names of favorite sports teams, names of favorite musical groups, etc.

Here's one popular method for choosing a strong password that meets the above requirements and is easy to remember:

  1. Think of a line or two from a favorite song or a poem, and use the first letter of each word.
  2. Use numbers to replace a couple of letters: '1' looks like an 'I', '2' looks like a 'Z', '3' looks like a backward 'E', '4' looks like an uppercase 'A', '5' looks like an 'S', '6' looks like a lowercase 'b', '7' looks like an upside-down 'L', '9' looks like a lowercase 'g', and '0' looks like an 'O'.
  3. Add a punctuation character somewhere.

For example, in Step 1, "I wish I were an Oscar Mayer wiener" becomes "IwIwaOMw". In Step 2, we can replace an 'I' with a '1' and the 'O' with a '0' to get "Iw1wa0Mw". Finally, in step 3, we add an exclamation point to get our final password, "Iw1wa0Mw!".

Use Different Passwords for Different Accounts

If someone obtains your password, then that person has access to everything that password protects. To help keep your information secure, you should use different passwords for different systems and web sites. Here are some general guidelines:

  • Do not use your New School password on any non-New School sites
  • If you are a Banner user, do not use your regular New School password for your Banner account
  • Use different passwords for work and personal email accounts
  • Use a different password for each of your online banking and credit card sites, and don’t use those passwords for anything else
  • Use a different password for each of your online shopping sites (or other sites that have credit card or bank account information on file)

Remembering Your Passwords

If you follow the password selection guidelines above, each password you create should be easy to remember, but you'll be creating a lot of them, and you may forget the ones you don't use that often.

Never Write Passwords Down

Never write your passwords down on paper. Unless you're going to keep the paper in a safe, chances are someone will find it and use it. Likewise, never store your passwords in a file on your computer, or in a "note" on your smart phone. If someone gains access to your computer or phone, all your passwords will be useless.

Avoid Web Browser Password Saving Features

Most modern web browsers will offer to save the usernames and passwords of web sites for you. But many of these implementations do not protect your passwords very well, so it's a good idea to just avoid all of them, at least for passwords to sensitive sites (like your bank account).

Use a Password Manager Application

If you have too many passwords to remember, the best solution is to use a password manager. These are applications and browser plug-ins that securely encrypt and store all your usernames and passwords, protecting them all with a master password that only you know. Some of them also provide features to automatically generate secure passwords, synchronize passwords between multiple devices (e.g., your home and work computers and your smart phone), and store other information such as account numbers. These applications are particularly good for helping you use long, strong passwords and a different password on every account.

A few of the more popular password managers are:

Note: The list above is provided for your convenience only; The New School does not endorse or provide support for any of the products listed.

Sharing Your Passwords

NEVER, EVER, share your passwords with others. That includes sharing them with anyone who claims to be from The New School, or your Internet service provider, or your bank or insurance company. All those organizations have other ways to access your information (legitimately); they do not need your password to gain access. Any email message you receive asking you to provide your password for any reason ("system maintenance," "updating account information," "email storage limit exceeded," etc.) is most likely fraudulent and should be ignored.

Note especially that The New School Information Resource Acceptable Use Policy prohibits sharing your New School system and application passwords with anyone else. This includes giving someone your password so that they may access the wireless network.