Passwords are secret codes that keep your information private and protects access to applications and websites meant only for you. The University takes strong measures to protect the integrity of your password by only storing an unencryptable version of your password and by enforcing a password expiration policy (see: Password Expiration).
Even with these safeguards, we need to choose strong passwords (so that intruders can't guess our password) and then protect them well.
Choosing a strong password
There are 3 guidelines to follow to create a strong password:
- A large character set.
- The larger the set of characters you choose from, the more possibilities that a computer has to guess for each character of your password. If you use only lower case letters, that's 26. Include uppercase and you have 52. Add numbers and special characters and you have increased the character set to 95 possibilities for each character of your password.
- A long password.
- Using our 95 characters to choose from, if we choose a 2 character password, there would be 8,930 combinations to test in order to guess your password. For a 4 character password, there are 76,405,080 combinations! The guessing is usually done by computers which are very fast. We require a minimum of 8 characters in our standards, but longer is always better when it comes to passwords.
- Memorable is better.
- It's possible to follow the guidelines above (and the strong password policy) and still have a password you can remember and don't have to write down. Don't use passwords that are based on things that could be easily guessed (a spouse or child name, for instance), but start with something memorable, for example a portion of a song lyric, sprinkle some upper and lowercase, numbers and special characters and you'll have a password that you can more easily remember. Personalize the way you alter the base of the password. For instance, don't capitalize only the first letters. Don't substitute one's for lowercase "L"s - these are all known strategies that a person trying to guess a password would use. And when you change your password, don't make the new one memorable by using the old password and changing the last character to be the next number in line - start fresh each time you set a new password.
Be careful where you change your password!
A common practice by hackers is to pose as local IT service people in mail and ask you to change your password or confirm you are using your account by supplying your password. This is a ploy to gain access to your account, and is called Phishing.
Here’s how you can distinguish between a legitimate password expiration notification and a Phishing attempt:
- We will never ask you for your password in mail or otherwise.
- Password expiration email will always come from firstname.lastname@example.org.
- We will not send a direct link to the password change page, but will tell you how to get to it.
- The password change utility will always be on a maine.edu URL.
If you have any questions please call the Support Center at 1-800-696-HELP (1-800-696-4357) or email them at email@example.com.