Password Security: Keep It Safe, Keep It Private
Many people have a fairly casual attitude toward password privacy and security: Passwords are sometimes printed and posted openly, and occasionally people will even share their password with others to enable them to perform some task. While these practices may seem harmless, making your HampNet password public can open up confidential data and provide opportunities for abuse. It only takes one untrustworthy person to cause considerable trouble using another's password.
Here are a few of the reasons you should always keep your HampNet account password private:
- HampNet accounts give access to multiple places. Sharing a password to let a person do one thing opens up access to a lot of other activities. For example, giving out your email password also gives access to TheHub, the Intranet, and possibly newmisserver; this compromises personal financial information as well as Hampshire confidential information.
- Some security flaws rely on having access to an account on a machine. For example, someone logging in to an email server with a regular user account could then launch an attack to attempt to get administrative (super user) privileges. Giving out a password for a machine a user doesn't normally have access to increases the chances that the machine can be broken in to.
- People are protected by not having access to systems they shouldn't. If the system is compromised, they will not be considered a suspect.
You are responsible for the security of your account and the confidentiality of your password, and you are required to change your Hampshire password once a year. The page at password.hampshire.edu will help you choose a strong, secure password.
Hampshire passwords must:
- Contain at least 8 characters
- Have at least one uppercase and one lowercase character
- Contain at least one non-alphabetic character (that is, a number or symbol)
- Not have been used for this account at Hampshire previously
In addition, the password will be checked against a dictionary of commonly-used, easily-guessed words.
A good password is:
- Something that others cannot guess.
- Something that you will remember.
On the other hand, a bad password is one that contains
- Any complete word
- Any personal information (name, birthdate, children/pet's names, SSN, etc)
To create a password you can remember (but others cannot guess):
- Think of a phrase you're likely to remember, perhaps lyrics for a favorite song, or a favorite line from a movie. For example:
You know how to whistle, don't you, Steve--you just put your lips together and blow.
(You can't use a questionmark in our passwords, so I've modified the punctuation a bit.)
- Keep the first letter of each word and insert numbers or characters where appropriate. I came up with:
This will create a very secure password that you can most likely remember anytime you need it.