Frequently Asked Questions about Passwords
The following questions and answers will help you understand more about what passwords are used for at Brown, the importance of password security, and how to choose a good password. You should also familiarize yourself with Brown's password requirements detailed in its Computing Passwords Policy.
Obtaining and Using Passwords at Brown
Choosing a Good Password
Securing Your Password
Obtaining and Using Passwords at Brown
- How do I get an email password?
You can activate your electronic services at Brown once you have your ID number. For students, this is the number that starts with SIS. For faculty and staff, this is the 9-digit number that is on your Brown ID. Visit the myAccount account activation site for further information.
- What other services can I use that password for?
Your password is used for central services that require a login. These include web resources (such as webgrades, webledgers, WebCT, or web pages that are limited to the Brown community), computer clusters (logging in on Macs or PCs in the CIT or Libraries), and email/calendaring services (using a desktop client, such as Outlook Express, or a web client, like OWA). Your password in conjunction with either your NetID (for older services) or your AuthID (for those that are newer) is your key to most electronic services at Brown.
- What other accounts and passwords does CIS manage?
Administrative systems such as FRS (Financial Records System) and HRS (Human Resources System) have accounts that are managed by CIS. For more information about the types of accounts, and how to get one, see the forms web site.
- How can I change my password?
You can change your password yourself on the myAccount web site. You will need to log in first using your current password to do so.
- What do I do if I forget my password?
If you forget your password, you can get it reset during the business day. Bring a picture ID to the Help Desk, and a staff person there can assist you.
Choosing a Good Password
- What are the basic password guidelines at Brown?
Brown's Computing Passwords Policy provides guidance on creating and using passwords in ways that maximize security of the password and minimize misuse or theft of the password. A complete list of requirements for a good, strong password can be found there. The bottom line is:
- Never choose an easy-to-guess password. Personal information which can be easily obtained by crackers should never be used in passwords. Examples of extremely bad passwords are words such as your significant other's name, your children's names, your birthday, your dog or cat's name, your favorite NFL team, etc.
- Do not choose passwords such as "rainbow1" (a simple lowercase word followed by a digit) just to satisfy the restrictions used by the CIS myAccount software. These passwords are also very easy to crack.
- Choose a difficult password, but not one so difficult that you cannot remember it. One way to do this is to create a password based on a song title, affirmation, or other phrase. For example, the phrase might be: "This May Be One Way To Remember" and the password could be: "TmB1w2R!" or "Tmb1W_r~" or some other variation. NOTE: Do not use either of these examples as passwords!
- Do not write down your password (unless you adequately secure it).
The following rules apply specifically to accounts activated with myAccount.
- You must choose a password which is at least eight (8) characters long with at least one character being a digit or a symbol.
- Your password must not exceed fourteen (14) characters in length.
- You are not allowed to use spaces or any of the following special characters in your password: *+,/:;<=>?[\]|
- Your password must not appear in a dictionary.
- Your password must not include the same character repeated more than 3 times. This is an example of an invalid password: AAAAAAAA1
- Your password must not include more than 3 sequential characters on a computer keyboard. These are examples of invalid passwords: QWERTYUI or 12345678A
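The myAccount rules listed above can be expressed as a checker. This is an added example, not Brown's or CIS's code: the function names, the small constructed word list, and the readings of "repeated" (a consecutive run) and "sequential" (adjacent keys on one QWERTY row, in either direction) are assumptions.

```python
import re

# Characters the rules disallow: space and *+,/:;<=>?[\]|
FORBIDDEN = set(' *+,/:;<=>?[\\]|')
KEY_ROWS = ("1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm")
# Constructed stand-in word list; a real check would load a full dictionary.
SAMPLE_DICTIONARY = {"password", "rainbow", "sunshine", "baseball"}


def has_keyboard_run(pw, limit=3):
    """True if pw contains more than `limit` adjacent keys from one row."""
    lowered = pw.lower()
    n = limit + 1
    for row in KEY_ROWS:
        for candidate in (row, row[::-1]):  # left-to-right and right-to-left
            for i in range(len(candidate) - n + 1):
                if candidate[i:i + n] in lowered:
                    return True
    return False


def check_password(pw, dictionary=SAMPLE_DICTIONARY):
    """Return the list of rule violations; an empty list means all rules pass."""
    problems = []
    if len(pw) < 8:
        problems.append("shorter than 8 characters")
    if len(pw) > 14:
        problems.append("longer than 14 characters")
    if not any(not c.isalpha() for c in pw):
        problems.append("no digit or symbol")
    if any(c in FORBIDDEN for c in pw):
        problems.append("contains a space or forbidden character")
    if pw.lower() in dictionary:  # exact-match lookup only (assumption)
        problems.append("dictionary word")
    if re.search(r"(.)\1{3,}", pw):  # 4 or more of the same character in a row
        problems.append("same character repeated more than 3 times")
    if has_keyboard_run(pw):
        problems.append("more than 3 sequential keyboard characters")
    return problems
```

With an exact-match dictionary lookup, "rainbow1" returns no violations, which is why the guidelines above warn against choosing a password merely to satisfy these restrictions.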
Regardless of the password you choose, it is important to remember one critical rule: NEVER share it.
- Complex passwords are harder to remember, especially those with numbers and special characters. Won't any password be sufficient?
The use of complex combinations of characters is required to guard against the increasingly sophisticated automatic password-cracking mechanisms that now proliferate. The more complex the combination of characters used, the greater the chance that password crackers will fail. Brown's networks are continuously scanned, internally and externally, from all parts of the globe, and if there is a weak password to be had, it will be found and used to gain entry. Computers may be protected through the use of anti-virus software, personal firewalls, secure configurations, etc., but should the computer have a weak password, it can be cracked almost instantaneously and its contents and connection compromised.
- What are some strategies for choosing a good password?
Here are some suggestions from a password FAQ at Duke University:
- Use lines from a childhood verse
Verse Line: Yankee Doodle went to town
Password: YDwto#town
- Pick letters from a phrase that's meaningful to you
Pass Phrase: Do you know the way to San Jose?
Password: D!Y!KtwTSJ?
- City Expression interspersed with street address
Chicago is my kind of town
Password: C1i2mY1K5o6t
- Foods disliked during childhood
Food: rice and raisin pudding
Password: ric&rAiPudng
Note: Obviously, you shouldn't use any of the passwords used as examples in this document. Treat these examples as guidelines only.
Securing Your Password
- Why should I care about password security?
The information that your account has access to may be of a confidential nature and/or important to the University, and it is your responsibility to keep it secured. If someone were to get into your account, they may see information such as: social security numbers and names, credit card numbers, disciplinary information about a student, etc. Should any of this information be read by someone who is not authorized to see it, Brown, your department, or even individual users may have legal liability. Even your own email communications could be read and shared on the Internet.
- How does someone steal a password?
There are dozens of password cracking programs available freely on the Internet. These programs can be used to repeatedly try to access your account, and are set up to try dictionary words, variations on them, and more. That's why we have the requirements and guidelines that we do.
- Why do people steal passwords?
People steal passwords for a variety of reasons. Sometimes it is just a game. Other times, they want to use your account, or even your computer, for their own reasons, whether for monetary gain, political statements, or some other agenda.
- How often should I change my password?
We recommend changing your password every six months. You may even want to do it more frequently. Changing it very frequently can be worse than not changing it at all, however, because you are more likely to forget a password you use for only a short time and may be tempted to write it down.