Use strong passwords

Use strong passwords

This is an essential security practice.

Members of the University community log in to several accounts daily: UDSIS, Google Apps @UDel.edu, Sakai@UD, and other University systems. We also log in to our computers when they start up, and we log in to different sites like Facebook, YouTube, and Gmail every day.

It's not easy to manage the passwords you use, and it's harder still to think of new, secure passwords that you'll remember. However, using the same password for more than one account or using a password that's easy to guess will not sufficiently protect your sensitive information and may even expose other people's information, too.

Be aware that password-only protection is a single point of failure: if someone cracks or steals your password, your account is now vulnerable to unauthorized and fraudulent use. Two-factor authentication (2FA) requires a second factor, such as an authentication code, a biometric, or a security question, to authenticate access to the account. This means that the account is still safe even if the password is compromised.

Requirements

Faculty and staff are responsible for ensuring that their University accounts and devices, including personal devices that are used for University activities, are protected by strong passwords. Keep passwords private and secure.

Your UDelNet password

Your UDelNet password—which is used with your UDelNet ID to access UD email, library resources, UDSIS, UD HR systems, and other information restricted to the University—must conform to the following rules.

  • Must be 12 to 30 characters in length.
  • Must not consist of a single word or name.
  • Must contain at least three of the following:
    • An uppercase letter
    • A lowercase letter
    • A number
    • A special character, including punctuation marks and symbols (excludes the "space" character).
  • Must not be an obvious University-related phrase (e.g., "BlueHens2020" would be rejected).

Passwords are required to be changed periodically.

Students, faculty, and staff can change their UDelNet passwords by logging in to My UD Settings and following the on-screen instructions. Other members of the University community should instead log in to the Network page and follow the on-screen instructions there.

Never share your UDelNet password with anyone else or use it for any other accounts or devices.

Two-factor authentication (2FA)

2FA is a security setting that helps ensure account security. Authenticating to a 2FA-enabled account requires a second factor, such as an authentication code, a biometric, or a security question. This means that the account is still safe even if the password is compromised.

Your UD PIN

Your UD PIN (Personal Idenfication Number) is a 6-10 digit number that is used along with your UD ID to authenticate to certain University systems. To ensure the security of personal information, your UD PIN must be kept strictly confidential.

The University is phasing out UD PINs.

Never share your UDelNet PIN with anyone else or use it for any other accounts or devices.

Device passwords

IT devices, including smartphones and tablets, are required to be protected by strong passwords to prevent unauthorized access.

  • Enable password protection for IT devices.
  • Choose a strong password. If your device accepts only simple passcodes, choose a passcode that is not obvious and not easy to guess.

Never share your device passwords with anyone else. Avoid using them for any other accounts or devices.

General guidelines

  • Use a unique password or PIN for each account you have.
  • Use a password that you will remember.
  • Whenever possible, choose a password that uses the most number of characters possible. As the length of your password increases, so does the security of that password.
  • Using a passphrase is the safest option. Passphrases are strings of words or text that are longer than traditional passowrds, such as "K1ngH3nrytheV."
  • Do not allow your broswer to "remember" your username and password. In general, this is an insecure method of storing passwords; anyone with access to your computer can also access your online accounts for which you've stored your login information.
  • Do not share your passwords with anyone.
  • Always avoid using the following as passwords:
    • Dictionary words
    • Names, including names of pets and best friends
    • Dates, especially birthdays and anniversaries
    • sequences (e.g., qwerty, 12345)
    • repetitions (e.g., aaaaa, 00000)
    • "Obvious" or commonplace passwords or passphrases (e.g., password, password1, letmein, UDpassword)
  • Enable two-factor authentication to provide an additional layer of protection for your accounts.

External resources

Create a strong password (Microsoft)
Outlines a method to create a memorable and secure password and includes and example.

Secure Password Generator (PC Tools)
Generates a secure password with options to change the length, case, and character type. Use this as an example to generate a secure password of your own.

OUCH! Newsletter: Password Managers (SANS)
Explains what password managers are and how they can help you manage strong and secure passwords for your many accounts.