Password Management

8.0 - Updated on 10-10-2024 by Christmaelle Vernet

7.0 - Updated on 10-07-2024 by Jen Reil

6.0 - Updated on 10-07-2024 by Jen Reil

5.0 - Updated on 09-30-2024 by Tom Howe

4.0 - Updated on 06-13-2024 by Sai Hamsa Lekha Yerra ESD

3.0 - Updated on 03-25-2024 by Jen Reil

2.0 - Updated on 09-05-2023 by Jacob Cunningham

1.0 - Authored on 10-25-2019 by Jason Houghton

Setting up and maintaining safe passwords is essential to online account security. Some simple tips you can use to create safe passwords are provided below. Your department may have other security policies that you must follow if they conflict with these password tips. 

To protect your IT Account information, it is critical that you:

Construct a strong password.
Password-guessing software has become increasingly sophisticated, and many programs break passwords using 'dictionary attacks,' which try endless combinations of characters. Follow the Complex Password Requirements listed above to ensure that your password can withstand these types of attacks.

Do not save your password.
Some applications offer to save your passwords. Always say ‘No’ when prompted to save a password online. Also, never write down your password. Instead, create a password reminder in case you forget it. For instructions on how to create a password reminder, see our Account Password Rules page.

Do not share your password.
By making passwords available to others, you put your personal information at risk and make it vulnerable to misuse. Do not send your password via email even if the message asking for your password appears official. Note that the UMass Amherst IT Help Center will never ask for your account information via email.

Change your password periodically.
To protect your password from ‘dictionary attacks,’ change your password twice a year. If you suspect that your password has been stolen or compromised, change it immediately. You can change your IT Account password in SPIRE.

Do not recycle your password.
Do not use your IT Account password for other services (e.g., your bank account or your non-UMass email address). If your password is hacked, all the accounts using this password are at risk.

Log out of IT services.
Remember to log out of any IT service (e.g., SPIRE, computers in the IT Computer Classrooms) when you are finished using the service or when you step away from your computer.

What's at stake?

If your password is compromised, you jeopardize:

It is critical that you create strong passwords that you maintain appropriately. Remember, in computer security, passwords are always the weakest link!

Use different passwords for different services

If you are using the same password for your email, bank account, and computer, and one account is hacked, all the others are at risk. Create at least three different passwords for:

To keep track of your passwords, use one of our password strategies.

Change your passwords regularly

Passwords become vulnerable over time. To reduce the risk of your computer being compromised, we recommend that you change your passwords at least twice a year. If you suspect that your password has been stolen or compromised, change it immediately. Learn how to change your IT Account password in SPIRE.

Do not share your password

By making your passwords available to others (even people you trust), you put your personal information at risk. Please do not share your passwords!

Never send passwords or other sensitive personal information via email even if the original message appears official. Learn more about phishing scams. Note: UMass Amherst IT will never ask for your IT Account password or other sensitive information via email.

Do not use Remember My Password features - create a password reminder in SPIRE

Some applications will offer to save your passwords. Always choose 'No' when prompted to save a password online. We recommend that you create a reminder for your IT Account password and use our password tricks to create strong passwords that you can actually remember.

For your IT Account password, store a word or phrase in SPIRE to help jog your memory in case you forget it:

  1.  Log on to SPIRE with your NetID and password.
  2.  In the SPIRE navigation, go to My SPIRE > Change My Password. To set your reminder, you will need to change your password first.

Avoid writing down your password

Storing passwords on post-it notes on your monitor is an open invitation to access your information. At UMass Amherst IT, we believe no location is safe enough for storing passwords. If you absolutely must write down your passwords:

Another strategy for remembering passwords is to use themes & rules:

Choose a theme for all your passwords (e.g., your passwords are always based on your favorite songs or movies). Decide on a few rules that you'll use to construct your passwords. For example:

  1.  Select a song: Rome wasn't built in a day by Morcheeba.
    Theme: music. Rule: Use the song name and artist.
  2.  Condense into a string of letters: rwbiadbm
    Rule: Use the first letter of each word.
  3.  Add complexity: RwBi@dBm*00
    Rules: The first and third letters are always capitalized, 'a' is always replaced by '@', and the password always ends with a symbol and two digits.

Note: Please do not use this example. Hackers often try passwords available in reference materials.