Secure Password Tips
Before You Change Your Password
- Hampshire passwords have to be changed every 180 days. If you are required to change your password, you will receive email messages telling you when it must be changed.
- If you want to change your password more frequently, go right ahead. There's no reason not to change it; just go to password.hampshire.edu.
- If you change your password, you will also have to change it on any phones or devices that access Hampshire email or calendar services.
- If you don't have your cell phone or access to email, opt out of the alternate contact method. If you choose an alternate contact method a code will be sent to the device or account, and you will have to enter the code to continue. If your cell phone isn't with you or you can't access your alternate email right away, you can backtrack and choose to opt out.
- If you are choosing security questions, be aware there are multiple options for each question. Just click on the questions to reveal the other choices.
- Password requirements are more strict than in the past. You will need to use at least 8 characters, one non-alphabetic character, one capital letter, and not use words found in the dictionary. Ideas for creating good passwords can be found below.
- Pick something you can remember without writing it down. Kind of defeats the purpose if you put it on a sticky note on your computer.
- Don't have Firefox or Thunderbird remember your passwords unless you first set a master password. See below for details.
Choosing a Great Password
Read the Hampshire IT password policy »
Poor, weak passwords have the following characteristics:
- The password contains less than eight characters
- The password is a word found in a dictionary (English or foreign)
- The password is a common usage word such as names of family, pets, friends, co-workers, fantasy characters, etc.
- Computer terms and names, commands, sites, companies, hardware, software.
- The words "Hampshire College" or "Hamp" or any such derivation.
- Birthdays and other personal information, such as addresses and phone numbers.
- Word or number patterns such as aaabbb, qwerty, zyxwvuts, 123321, etc.
- Any of the above spelled backwards.
- Any of the above, preceded or followed by a digit (e.g., secret1, 1secret)
Strong passwords have the following characteristics:
- Contain both upper and lower case characters (e.g., a-z, A-Z)
- Have digits and punctuation characters as well as letters (e.g., 0-9, !*_+)
- Are at least eight alphanumeric characters long.
- Are not a word in any language, slang, dialect, jargon, etc.
- Are not based on personal information, names of family, etc.
So, how can you come up with a strong password? On the one hand, it should be something that can be easily remembered, so that you're not tempted to write it down or store it online. At the same time it should have those pesky characteristics of a strong password, which can seem somewhat daunting at first glance. It might seem like those are mutually exclusive characteristics, but they don't have to be.
One way to do this is create a password based on a song title, line from a movie, affirmation, or other phrase. For example, the phrase might be: "This May Be One Way To Remember" and the password could be: "TmB1w2R!" or "Tmb1W>r~" or some other variation. Whatever you do, if you start with something personal and unique, and then make it unidentifiable with your own coding, you'll end up with a great password.
Oh, and please don't use any of our examples!
Password Security: Keep Your Password Private
Do Not Save Passwords in Browsers or Email Applications
If you're a Thunderbird or Firefox user and have ever allowed them to save your password, you might want to think again. Try this...
- In Thunderbird go to the Thunderbird→Preferences... (Mac) or Tools→Options... (Windows) menu.
- Click on the "Security" icon.
- Click on "Passwords."
- Click on "Show Passwords."
- Click "Yes" to confirm.
If what you see is a list of passwords, please click "Remove All." It will mean that you have to enter your password for sending and receiving mail once per each Thunderbird session, but it's worth it. Just think: Not only can anyone who sits down at your computer log into your email, they can see, in plain text, what your password is. Enough said?
Now that you've removed your saved passwords from Thunderbird, do the same thing with Firefox. Please.
How to Use a Master Password in Firefox or Thunderbird
Recently we told you why we don''t like users to save their passwords in Thunderbird or Firefox. If you still want to save your passwords, set up a master password to protect yourself.
Thunderbird and Firefox are always offering to save passwords you enter. It makes life easier not to have to enter them all the time, but one problem is that anyone who opens your Thunderbird or Firefox can request to view your saved passwords. A master password safeguards against that: In order to view saved passwords you have to know the master password.
Creating a Master Password
- In Thunderbird, select Thunderbird-->Preferences (Mac) or Tools-->Options (PC). In Firefox, select Firefox-->Preferences (Mac) or Tools-->Options (PC).
- Click on the Security padlock icon.
- Check "Use a master password."
- Enter a new master password, something you will remember but that is sufficiently secure to deter snoopers. You will have to type it twice, the second time for verification.
- Click on "OK" and then close up the Preferences/Options, and you're all set.
You will be asked for the master password any time you request to view saved passwords.
If you Forget the Master Password
There is a way to remove the master password if you forget what it is. The catch is that, for security reasons, doing this will also force Thunderbird or Firefox to forget all saved passwords.
- Type "chrome://pippki/content/resetpassword.xul" into the address (left side) bar.
- Press the Enter or Return key.
- Click "Reset."
- Confirm that you want to reset it and you're all set.
- Choose Tools --> Error Console
- Paste the expression:
- Click "Evaluate."
- Confirm the reset.
- Click "OK."
- Close the window.