Passwords are a critical information security component. Passwords are used to authenticate, or validate, that the person using your Logon-ID is really you. However, passwords are also one of the most common targets of people trying to access information without authorization.
What does this mean to me?
Creighton University password policy is designed to make passwords difficult to guess in order to keep your account, and the University safe and secure.
The password construct rules are:
-Passwords must be at least 8 characters in length.
-Passwords must contain 3 of the 4 following character sets:
-Upper case letters
-Lower case letters
-Special Characters (such as !@#$%^&*(), etc.)
In addition to the password construct rules, the policy will also enforce these other properties:
-New passwords cannot be the same as any of the previous 10 passwords.
-Passwords will automatically expire every 180 days.
-Passwords cannot contain part of your NetID or name
Creating a Strong Password
A strong password is one that is easy for you to remember, but difficult for others to guess. Hackers won't waste their time trying to manually guess your password, but they have programs that can try thousands of passwords in seconds. They generate these passwords either randomly/sequentially (Brute Force), or by using lists of common words and other commonly used passwords. As your password is often the only line of defense between your account and the malicious user, it is vital that you create a good, strong password and keep it safe.
Some tips for creating a strong password:
- The longer and more “random” the better.
- Use a phrase instead of a word to form your password
- Maybe a line from your favorite song / book / movie
- Don’t use the names of popular songs, bands, or movies. These are often used by many people and easily guessed
- Don’t use personal details like your name, birthdate, or SSN
- Replace parts of the words with other characters to meet complexity requirements
- Eg: “I want a strong pass” => “1 wanT 4 str0ng PAzz”
- Use different passwords for different sites / applications
Can I write down my 'strong' password?
Yes, but do it in a smart manner. Don't write your password somewhere where others may find it (such as on a post-it note stuck to the monitor or in your rolodex under "P"). If you feel you have to write down your password you may want to download a free or inexpensive password vault application that will store your passwords in an encrypted file or you may just write your password in a manner or location that if found someone would not know it was your password. Be smart, don't compromise Creighton's security by falling victim to convenience over security.
What if I forget my password?
DoIT has created a password reset function in the AMI application. Go to http://ami.creighton.edu and click on the "Forgot your password?" button and follow the online instructions. Before you are able to use this functionality, you must have created a security profile by providing answers to three security questions and providing an alternate email address or phone number capable of receiving text messages. You can create this profile by going to AMI, logging in, and clicking on "Modify Personal Information".