Fayetteville State University has an enormous amount of sensitive information stored on various network servers throughout campus. In order to protect our data it is important that we have a strong/complete security policy in effect. Passwords are an extremely important aspect of that security policy. They are the front line of protection for user accounts; it has been proven that computer hackers are able to guess or gather passwords to accounts, which can enable them to compromise most systems.
In order to protect our system, we require that passwords change every 90 days days. The idea behind password aging is that a password is less likely to be compromised if it is changed regularly, or that the exposure from such a compromise will be reduced, and that a user who stops using a service will have their password automatically expire if they do not otherwise intervene.
In order to accurately identify users without using their social security numbers, a Self-Service Password Management System is being created which will use questions and answers that will allow users to reset or change their password. It is imperative that all current faculty and staff enroll in the password management system in order to use the system to manage their passwords. New faculty and staff will be enrolled upon initial account creation.
Passwords are the virtual keys to the FSU networking system. Passwords give you access not only to all the files and information on your computer (data files, email, network drives, etc.), but also to student and financial information.
Passwords have become so common, so much a part of our daily lives, we treat them with casual indifference. As a result, we too often forego security for convenience. We come up with weak passwords that are easy to guess. We store passwords unprotected on our desktops. We write them down and tape them to our computer screens. If you password is stolen, you will not be the only one affected. Identity theft has become an epidemic and we all need to take measures to protect ourselves and our students.
Other than the obvious (a written down password or a password that has been entrusted to someone you know), hackers use cracking programs that can launch dictionaries to try and match your passwords in mere seconds.
Weak passwords will be quickly guessed while strong passwords may never be guessed:
|Passwords||Time to Hack|
|4 character lower or upper case letters||a few seconds|
|4 character lower and upper case letters||a few seconds|
|4 character lower and upper case and number||a few seconds|
|5 character lower or upper case letters (e.g passb)||under 60 seconds|
|5 character lower & upper case letters (e.g passB)||approx 6 minutes|
|5 character lower & upper case and number (e.g Pasb1)||approx 15 minutes|
|8 character lower or upper case||approx 58 hours|
|8 character lower & upper case||approx 21 months|
|8 character lower & upper case and number||approx 7 years|
|10 character lower or upper case||approx 5 years|
|10 character lower & upper case||approx 4648 years|
|10 character lower & upper case and number||approx 26984 years|
One of the biggest mistakes people do is to leave their desktops unattended without logging off first. Anyone can then walk up to your desktop and access information.
Some systems have programs that check the password selected and can disallow a poor choice, but not all systems have this capability. To avoid problems, follow these basic guidelines when choosing your password:
Use lines from a childhood verse:
Verse Line: Yankee Doodle went to town
Expressions inspired by the name of a city:
City Expression: I love Paris in the springtime!
Password: 1LpinST! (replace the letter L with the number 1)
Note: Obviously, you shouldn't use any of the passwords used as examples in this document. Treat these examples as guidelines only.
Because all of the following can be accessed with your username and password:
Any comprise of your password could possibly affect sensitive information in all of the systems mentioned above. If you suspect that your password has been compromised in any way, change it immediately.
All faculty, staff, and students must enroll in the password management system in order to change and retrieve forgotten passwords. For security reasons, you will no longer be allowed to call the help desk to reset your password. If you haven't enroll in the system and need help with your password, you will need to come in person to the help desk with a valid FSU ID.