Search
eHelp  

eHelp » Identity Management » Password Complexity

Guidelines for passwords

Protect your password. If someone else has access to your password, they have access to your money and your reputation.

Your BroncoPassword must meet all the following requirements:

• A minimum of 8 characters.
• At least three of the following four types of characters:
  1. Upper-case letters, ABCDEFGHIJKLMNOPQRSTUVWXYZ
  2. Lower-case letters, abcdefghijklmnopqrstuvwxyz
  3. Numbers, 1234567890
  4. Special characters, <space> and .,?!:;()[]{}<>/|\+-=*@#$%&_~`^"
     

You should also follow these guidelines:

• Do not use your user name or any part of your real name.
• Do not use a single word in a common language. There are tools for hackers that search through electronic dictionaries, trying every word.
• Avoid characters other than those above, such as accented characters (áèôü) or characters from other alphabets (Ρωσικά, Греческий). The basic system will handle these passwords, but you may not be able to enter them correctly through web pages.

We recommend a "pass phrase" composed of four (4) words and punctuation. A pass phrase is a longer version of a password and is therefore more secure.  A pass phrase is typically composed of multiple words. Examples of pass phrases:

• I like ice cream.
• Turn Off Cell Phones!
• It was hot today.
• Cal Poly Broncos rule!
• My password is so cool that no one will ever crack it!

If you choose not to use a passphrase, here are some other ways of picking a secure password :

• Spell a word backwards (anomopyloplac1#).
• Insert a number (calpo7lyPomona) or punctuation (go!Broncos).
• Use weird capitalization (remember that it counts), or combine words (broNCOsrOOL!)).
• Use the first letters of each word in a phrase (“I can never remember my stupid password!” = Icnrmsp!).
• Combine things you will remember ("I like to eat broccoli and listen to Beethoven = broCColi@bEEthoven).

When you use your password with a web browser like Firefox or Internet Explorer, it saves the password in memory as long as it is running, so remember to quit the browser when you are finished using it unless no one else has access to the computer you are using.

Never give your password to anyone. If you think someone else has your password, reset it right away (before they reset it and steal it from you). No one officially connected to Cal Poly Pomona should ever ask you for your password, although the personnel at the Help Desk will provide you with a temporary password if you ask them to reset your account (remember to change it as soon as you can).