IT Interface Newsletter Spring 2010
Password Protection: The Stronger, The Better
In addition to ignoring phishing e-mails, members of the UMass Lowell community can take other steps to prevent their e-mail accounts from being broken into, especially by taking steps to have strong passwords. Passwords are the first line of defense for e-mail. Passwords are what prevent anyone from logging in to an individual’s e-mail, which is why it is so important to have a strong password that cannot simply be guessed.
On UMass Lowell’s Exchange e-mail, user passwords are required to be at least eight characters long and must contain three of these four requirements: a capital letter, a lower case letter, a number, and a special character, such as @, #, $, %, &, ! However, there are a few other steps UMass Lowell e-mail users can take to keep their passwords strong. First, never make a password guessable. For instance, a password should not be the user’s name or birthday. Even though those may be easy to remember, it is also easy for someone else to guess. It is important to use a variety of characters in a password. The e-mail platform requires users to have so many different characters, but users can go beyond that to make the password more complex. Also, the longer the password, the harder it will be for anyone but the user to figure out.
Another tip for a strong password is to try something like a passphrase. A passphrase is a memorable phrase that takes the first letter of each word to form the password. For example, “I went to Lowell High School and graduated in 2010!” can turn into “IwtLHSagi2010.” To the user it is easy to remember, but hard for anyone else to crack!
Faculty and staff need to remember, however, that a strong password will not prevent phishing e-mail. The only way to avoid phishing is to ignore the e-mail.