
Network Password Requirements

  • Passwords will need to be at least 8 characters long.
  • Passwords must include 3 of the 4 following conditions:
    • Uppercase characters (A-Z)
    • Lowercase characters (a-z)
    • Base 10 digits (0 through 9)
    • Non-alphanumeric characters such as ~!#$%^&*_-+=`|\(){}[]:;"'<>,.?/
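
The requirements above can be checked mechanically. The following is an added example, not part of the original page: it applies the length rule and the 3-of-4 character class rule to the three derived passwords from the Pseudo-random Passwords section of this page. The function names are illustrative.

```python
import string

# Symbol set taken from the "Non-alphanumeric characters" bullet above,
# written with straight quotes and angle brackets.
SYMBOLS = set("~!#$%^&*_-+=`|\\(){}[]:;\"'<>,.?/")
MIN_LENGTH = 8
REQUIRED_CLASSES = 3
ALL_CLASSES = {"uppercase", "lowercase", "digit", "symbol"}


def character_classes(password):
    """Return the names of the policy's character classes found in the password."""
    tests = {
        "uppercase": lambda c: c in string.ascii_uppercase,
        "lowercase": lambda c: c in string.ascii_lowercase,
        "digit": lambda c: c in string.digits,
        "symbol": lambda c: c in SYMBOLS,
    }
    return {name for name, test in tests.items() if any(test(c) for c in password)}


def policy_failures(password):
    """Return the reasons the password fails the policy; an empty list means it passes."""
    failures = []
    if len(password) < MIN_LENGTH:
        failures.append(f"too short: {len(password)} < {MIN_LENGTH} characters")
    present = character_classes(password)
    if len(present) < REQUIRED_CLASSES:
        missing = ", ".join(sorted(ALL_CLASSES - present))
        failures.append(f"only {len(present)} of 4 character classes; add one of: {missing}")
    return failures


if __name__ == "__main__":
    # The three example passwords derived later on this page.
    for candidate in ["mwbi4tfns6", "4scan7ye", "Iwad&sn!"]:
        problems = policy_failures(candidate)
        print(candidate, "->", "OK" if not problems else "; ".join(problems))
```

Only Iwad&sn! passes; mwbi4tfns6 and 4scan7ye contain just lowercase letters and digits, so each needs an uppercase letter or a symbol to meet the 3-of-4 rule.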
 

Changing Your Password

Changing your network password will change all of the following:

  • Your computer logon password
  • Your email and Outlook Web Access password
  • Your Schooltool password
  • Your Safari Montage password

Changing your password on your computer:

 
  1. Log in to your computer with your username and password
  2. After you are logged in, press Control+Alt+Delete on your keyboard
  3. Click the Change a Password… option


     
  4. Type your current password in the field that says “Old Password”
  5. Type your new password twice – in the “New Password” and “Confirm Password” fields



    Make sure you pick a strong password that you can remember without writing it down. For tips on creating strong passwords, see below.
     
  6. Click the arrow button next to the confirm password field or hit the Enter key on your keyboard.
  7. Click OK in the window stating that your password has been changed

 

 

Creating a Strong Password

Too often, you are expected to create utterly random, complicated passwords with special characters and lots of restrictions. The net result is ALWAYS a reduction in security because most people will write such a complicated password down in order to remember it.

 

Goal: Create a password that is easy to remember, but hard for anyone else to guess.

 

Pseudo-random Passwords

  1. Pick a phrase that is easy for you to remember, but that no one else will think about attributing to you. For example:
    • pass phrase 1: “My Wife’s Birthday Is April Twenty-Fifth Nineteen Sixty Six”
    • pass phrase 2: “Four score and seven years ago our fathers brought…”
    • pass phrase 3: “It was a dark and stormy night.”
       
  2. Use the first letter of each word in the phrase to form an abbreviation. For example:
    m - My
    w - Wife’s
    b - Birthday
    i - Is
    a - April
    t - Twenty-
    f - Fifth
    n - Nineteen
    s - Sixty
    s - Six
     
    • abbreviated pass phrase 1: mwbiatfnss
    • abbreviated pass phrase 2: foscanseye (the first 2 letters of each word)
    • abbreviated pass phrase 3: iwadasn
       
  3. For added security (and usually as a requirement), change one or more of the letters into numerals and/or add punctuation to reach your new password. For example:
    • password 1: mwbi4tfns6 (“a” for “April” becomes “4”, because April is the fourth month; “s” for “six” becomes “6”)
    • password 2: 4scan7ye (“fo” for “four” becomes “4” and “se” becomes “7”)
    • password 3: Iwad&sn! (“i” becomes “I”; “a” for “and” becomes “&”; added “!”)
 
Any of these passwords would be easy for you to figure out, but would be a nightmare for a password cracker. The idea in this method is not that the password itself is easy to remember but that the process that you go through to arrive at it is so simple that you find yourself re-creating the same password with the process without even thinking about it.
 

Changing your Pseudo-random password

When the time comes to change passwords, you have a number of options. You can start over from Step 1 to change your pass phrase entirely, or you can keep the same phrase and change the order of the characters you choose from it (taking every second and fourth letter, for example). What matters is that you create very strong passwords that you can easily remember or re-create as needed.

 

Bad Passwords

When picking passwords, avoid the following:

 
  • Your name, spouse’s name, or partner’s name.
  • Your pet’s name or your child’s name.
  • Names of close friends or coworkers.
  • Names of your favorite fantasy characters.
  • Your boss’s name.
  • Anybody’s name.
  • The name of the operating system you’re using.
  • The hostname of your computer.
  • Your phone number or your license plate number.
  • Any part of your social security number.
  • Anybody’s birth date.
  • Other information easily obtained about you (e.g., address, alma mater).
  • Words such as wizard, guru, gandalf, coachman, baseball, Elmira, Pete and so on.
  • Any username on the computer in any form (as is, capitalized, doubled, etc.)
  • A word in the English dictionary or in a foreign dictionary.
  • Place names or any proper nouns.
  • Passwords of all the same letter.
  • Simple patterns of letters on the keyboard, like qwerty.
  • Any of the above spelled backwards.
  • Any of the above followed or preceded by a single digit.
  • Password examples that have been published anywhere, including the examples above.
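
Several rules in this list can be enforced by a screening check when a password is chosen. The following is an added example, not part of the original page: it tests a candidate against the word, username, backwards-spelling, single-digit, same-letter, keyboard-pattern and published-example rules. The word set reuses words named on this page; the account name and function names are made up for illustration.

```python
# Sample data: the words come from this page's list; "jsmith" is a made-up account
# name. A real check would load full dictionaries, name lists and the user directory.
WORDLIST = {"wizard", "guru", "gandalf", "coachman", "baseball", "elmira", "pete"}
USERNAMES = {"jsmith"}
PUBLISHED = {"mwbi4tfns6", "4scan7ye", "iwad&sn!"}  # example passwords printed above
KEYBOARD_ROWS = ["qwertyuiop", "asdfghjkl", "zxcvbnm", "1234567890"]


def single_digit_variants(text):
    """Yield text, plus text with one leading or one trailing digit removed."""
    yield text
    if len(text) > 1 and text[0].isdigit():
        yield text[1:]
    if len(text) > 1 and text[-1].isdigit():
        yield text[:-1]


def is_keyboard_run(text):
    """True for 4+ characters taken in order along one keyboard row."""
    return len(text) >= 4 and any(text in row for row in KEYBOARD_ROWS)


def bad_password_reasons(password):
    """Return the sorted list of Bad Passwords rules the candidate breaks."""
    lowered = password.lower()  # catches "as is" and "capitalized" forms alike
    reasons = set()
    if lowered in PUBLISHED:
        reasons.add("published example")
    for core in single_digit_variants(lowered):
        if core and len(set(core)) == 1:
            reasons.add("all the same character")
        for form in (core, core[::-1]):  # as typed, then spelled backwards
            half = form[: len(form) // 2]
            if form in WORDLIST:
                reasons.add("dictionary word or name")
            if form in USERNAMES or (half in USERNAMES and half * 2 == form):
                reasons.add("username")
            if is_keyboard_run(form):
                reasons.add("keyboard pattern")
    return sorted(reasons)


if __name__ == "__main__":
    for candidate in ["Gandalf7", "drazIw", "jsmithjsmith", "ytrewq1", "aaaaaaaa", "Iwad&sn!"]:
        print(f"{candidate!r}: {bad_password_reasons(candidate) or 'no rule matched'}")
```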
 

How would a potential hacker get hold of my password anyway?

There are four main techniques hackers can use to get hold of your password:

 
  1. Steal it. That means looking over your shoulder when you type it, or finding the paper where you wrote it down. This is probably the most common way passwords are compromised, thus it’s very important that if you do write your password down you keep the paper extremely safe. Also remember not to type in your password when somebody could be watching.
     
  2. Guess it. It’s amazing how many people use a password based on information that can easily be guessed. Psychologists say that most men use 4-letter obscenities as passwords and most women use the names of their boyfriends, husbands or children.
     
  3. A brute force attack. This is where every possible combination of letters, numbers and symbols is tried in an attempt to guess the password. While this is an extremely labour intensive task, with modern fast processors and software tools this method is not to be underestimated. A Pentium 100 PC might typically be able to try 200,000 combinations every second; this would mean that a 6-character password containing just upper and lower case characters could be guessed in only 27½ hours.
  4. A dictionary attack. A more intelligent method than the brute force attack described above is the dictionary attack. This is where the combinations tried are first chosen from words available in a dictionary. Software tools are readily available that can try every word in a dictionary or word list or both until your password is found. Dictionaries with hundreds of thousands of words, as well as specialist, technical and foreign language dictionaries are available, as are lists of thousands of words that are often used as passwords such as “qwerty”, “abcdef” etc.