Password Creation and Management Tips


During your time at Berry you will use a number of passwords. This page is intended to give you tips to help you both easily create and securely manage your passwords.

All students will be issued an Office365 email account, a VikingWeb account, and an Active Directory account, and can request an EZConnect password.  Access to resources will depend on one of these passwords. You must change and manage all of these passwords on a regular basis for them to be effective, usually every 30 to 90 days. Office365 email passwords and Active Directory passwords can be reset and managed through the Berry MyApps portal.  VikingWeb passwords can be reset from the main page of VikingWeb.

Please understand that if your password is exposed, not only your accounts but potentially other campus systems could be accessed or compromised by leveraging your information.

PASSWORD MANAGEMENT TIPS

  • Passwords must be changed regularly (every 30 to 90 days).  You should immediately change your passwords if you suspect they are compromised.
  • Do not use the same password for multiple accounts.  Particularly, do not use the same password for your Berry accounts that you use for non-Berry accounts.  More importantly, do not use the same passwords for your financial accounts, such as banks, credit card companies, PayPal, etc. since a compromise has the potential to damage your credit rating for years.
  • Do not write down your password! Use a password manager. These simplify password management, leaving you only one password to remember. Good candidates are LastPass and KeePass.  NOTE: The Office for Information Technology (OIT) cannot provide support for these programs.  Please do not place a request with the Technical Support Desk asking for help with a password manager. If using a password manager, make sure the master password is a strong password!  More information on creating passwords is below.  
  • If you are given the option to provide yourself a hint or create security questions, do NOT use personal information like your mother's maiden name, the city where you were born, or pets' names. This information is commonly posted to social media or can be obtained easily. If you only have these choices, then make up the answers based on a theme or select a movie or fictional character.  For example, if the security question asks for your pet's name, instead use the name of a favorite pet, animal or even a person, from a movie or book.  Just don't tell anyone your system, and if using a password manager, record this information so you don’t forget it.
  • Be sure to log out of any system you log into, especially if accessing it from a shared computer in a lab or at a public kiosk.
  • Do not share your passwords with anyone, even OIT staff.  No one who works for OIT should ever ask for your password, but if they do, politely refuse.  A request for your username and password is never legitimate, especially via email.  If this happens, you can be certain it is an attempt to steal your credentials. Please report attempts to steal your credentials to infosec@berry.edu.

PASSWORD CREATION TIPS

DO's

  • Your password must be at least eight characters long, preferably twelve.  The longer the password, the better. 
  • You must also use three out of four of the following - upper case letters, lower case letters, numbers, or symbols.  Spaces are a good idea also, as many password cracking programs still handle spaces poorly.  If spaces are not allowed, pick a letter, number, or symbol to represent a space.
  • Use more than one number or symbol, and not just at the end or beginning of the password.  You can substitute numbers for letters, e.g., "3" for e, "1" for i, etc., but don't depend on these to make your password more secure - these common substitutions are expected in password cracking programs.

DON'TS

  • DO NOT use simple dictionary words, personal data, names of pets, or anything else easily guessable about you, either forwards or backwards.  The Berry system does not allow you to use any part of your username in your password (down to three letter precision), and this is a good rule to follow as you create passwords. For example, if your name is David, you cannot use “dav”, “vid” or “avi” in your password.
  • Do not use common phrases or the first letter of words from a common phrase, e.g., "I am too smart for my own good" becomes "iatsfmog".  These phrases are included in many password cracking word dictionaries and are not secure.
  • Do not simply increment a number in a base password. For example, if your password is "LetMeInNow1" for one website, do not use "LetMeInNow2" on another site or as a replacement for the original "LetMeInNow1" password.
  • Do not create and use a password you cannot remember, unless you use a password manager to store it.
  • Do not write it down!
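
The checkable rules from the DO's and DON'TS lists above (minimum length, three of four character classes, no three-letter piece of the username, no incremented base password) can be expressed as a short checker. This is an added example, not the Berry system's own code; the function names, rule codes, sample usernames, and the choice to count spaces as symbols are assumptions.

```python
import re

MIN_LENGTH = 8  # the page's minimum; twelve or more is preferred

def character_classes(password):
    """Return which of the four classes (upper, lower, digit, symbol) appear."""
    classes = set()
    for ch in password:
        if ch.isupper():
            classes.add("upper")
        elif ch.islower():
            classes.add("lower")
        elif ch.isdigit():
            classes.add("digit")
        else:
            classes.add("symbol")  # assumption: spaces count as symbols
    return classes

def username_fragments(username, size=3):
    """Every run of `size` consecutive characters in the username, lower-cased."""
    name = username.lower()
    return {name[i:i + size] for i in range(len(name) - size + 1)}

def same_base(old, new):
    """True when two passwords differ only in a trailing number (or not at all)."""
    strip = lambda p: re.sub(r"\d+$", "", p)
    return strip(old) == strip(new)

def check_password(password, username, previous=None):
    """Return a list of rule codes the candidate breaks; empty means it passes."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("too_short")
    if len(character_classes(password)) < 3:
        problems.append("too_few_classes")
    lowered = password.lower()
    if any(frag in lowered for frag in username_fragments(username)):
        problems.append("contains_username_fragment")
    if previous is not None and same_base(previous, password):
        problems.append("increments_previous")
    return problems

if __name__ == "__main__":
    # Constructed sample inputs; "jdoe" and "jsmith" are made-up usernames.
    print(check_password("Callxm3xKrazy", "jdoe"))
    print(check_password("david2024", "david"))
    print(check_password("LetMeInNow2", "jsmith", previous="LetMeInNow1"))
```

Passing these checks only means a candidate meets the mechanical rules; it says nothing about dictionary words or common phrases, which the lists above also rule out.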

Creating hard to guess, but memorable passwords

  • Use mangled quotes - take a quote that is memorable to you and mix it up.  You don't have to necessarily change the quote itself, but you should make some letter substitutions and possibly change any spaces to a seldom used letter.  For example, the opening line of Moby Dick, "Call me Ishmael", becomes "CallxmexIshmae1".  Better yet, change the name to something else (not your name).  Instead of "Ishmael" use a descriptive word for yourself.  "Call me Ishmael" becomes "Callxm3xKrazy".  While misspelled words alone do not increase the security of a password, the combination of using a phrase instead of a word (more characters), substituting a number for a letter, changing a space to "x", and misspelling "crazy" is a fairly strong password.  The website How Secure Is My Password claims that it would take a computer 158 thousand years to crack the “Callxm3xKrazy” password.
  • Use random, everyday words mashed together - pick three or four items in your room, or items you see every day and put them together.  If you have a stress ball on your desk, and a black light in your aquarium, they could result in this password - "BlackfishStr3ss".  The How Secure Is My Password website claims an astounding 609 million years would be required to crack this password.  It is memorable to you because you see these objects every day.  This concept of using everyday words as parts of a password was drawn from a comic on the xkcd website.  See it here.

Whatever method you choose to create your passwords, following these tips will increase their effectiveness and your security.
