Overview
The following article outlines the requirements for creating a password for your UH account as well as tips on creating a strong password.
UH Username Password Requirements
Your UH Username's password must meet the following requirements:
- Must be between 8 and 32 characters long
- Must contain at least one upper case character
- Must contain at least one lower case character
- Must contain at least one number
- Must contain at least one special character (symbol). Note: these symbols are not allowed: ( ) " < > :
- Must not contain any dictionary words or proper names (in any language)
- Must not contain any personal information. For example, if your birth date is March 7, you cannot use 0307, 37, etc. in your password.
UH Username passwords cannot be re-used. When changing your password, you will need to use a unique password that you have not used previously.
When you attempt to set a new password, the new password will be checked against a database of known compromised passwords. If your new password is found in this database, you will not be allowed to use this password and will have to choose a different one.
Back to Top
Tips to Create a Strong and Secure Password
The days of using simple words, a single character, or a blank password are gone. Today, easy passwords can be cracked or guessed within hours or even minutes. Since the information on your computer is precious and potentially confidential, you need to protect it as much as you can. This guide is to help you create strong and solid passwords that will serve as a roadblock for intruders who are trying to break-in to your computer or online accounts.
- Length - The number of characters for your password is very important
- The recommended number of characters are at least eight characters (a UH Username password is required to be 8-32 characters)
- A three character password such as fgy can easily be guessed by an intruder (or a password cracking program) much more quickly than an eight character password such as 10RvR09$
- Strength - The strength of a password refers to the complexity of the password
- In other words, can anyone guess what your password is?
- For example, if your computer account is janedoe and your password is janedoe or JaneDoe, an intruder can easily try and succeed in logging into your computer
- You should not use words that can be traced to you such as your address, pet name, spouse name, surname, nickname, and should not use any words contained in dictionaries in any languages
- To strengthen your password, the recommendation is to use a mix of special characters, numbers, and the alphabet (a UH Username password requires one upper case character, one lower case character, one number, and one special character)
- Special characters are !@#$%^&*()_+{}. Here are a few examples of stronger passwords: uRkn2T@ or R24Real? or Yc@nU95
- Keywords – Most people are familiar with creating simple temporary passwords for new employees or for other trusted people with the intent on allowing them to change the password at a later time
- Passwords like abc123 and 567fgh were commonly used - If you use or ever used this method, you should break this habit
- These passwords are almost like not having a password because intruders have programmed these words into their software to guess your password
- The recommended practice is to assign a strong password from the beginning so that the new employee or trusted colleague will also follow your lead
- Historical – It is not a good practice to create four or five passwords and switch between them every time the computer reminds you to change your password.
- It would defeat the purpose of having a life span for the passwords. For example:
- start – my password is Tr*2catchmE!
- 45 days later– I change my password to U#can’tGetIN%
- 45 days later – I change my password to Wht$Up23&
- 45 days later – I change my password back to the starting password Tr*2catchmE!
- Do not just add on more characters to your existing password such as Tr*2catchmE!456
- If the intruder guessed the first part of the password, they would just need to guess the last three characters
- Be creative. You should not recycle passwords! This is one resource that you are allowed to waste.
- One for All – Avoid re-using passwords across multiple accounts/services
- Keeping track of passwords for different accounts can be difficult
- It is very convenient to create a strong password and use it for all your accounts for your credit card company website, your home Internet service provider, your work computer, or your personal email accounts like Hotmail or Yahoo. However, this is a bad habit and you should never do this
- Let’s say that you have 14 accounts with a variety of Web sites or email sites. An intruder breaks into one of those companies who offer these services and now has your password for all 14 accounts and will have an easy time gaining access to those accounts
- The recommended practice is to have unique passwords for each account. This means that you will have 14 different passwords and if we use the previous example, the intruder will not be able to take over all of your accounts.
- Previously Exposed – When attempting to gain access to online accounts via brute force, malicious actors use a "dictionary" of compromised passwords that they know have been previously or commonly used
- Whenever a data breach occurs for any service, the number of entries in their "dictionary" grows
- It is recommended to never use a password that has been previously exposed in a data breach - even if it the password was never associated with your email address or one of your accounts
- The website https://haveibeenpwned.com/Passwords provides an easy way to check whether or not a given password has been previously exposed
Back to Top
Other Tips
After creating a strong and secure password, you need to keep in mind how and where you are using it. Below are some additional tips that you should consider:
- Do not share your passwords with anyone! - They could easily misuse your account or give your password to someone else
- Change you password if you login to your account on a public or shared computer (e.g. net cafe or public library) - There is a chance it may be infected with a keystroke logger that can record your account and password and be used by spammers and hackers
- Do not write down and post your password in the open! - Writing down your password on a sticky note and posting it under your keyboard, on your monitor, or and easily accessible place will make it easy for anyone else to see and potentially misuse your password
This guide was created to make you aware of the consequences of using weak or blank passwords and not to make cause undue concern or anxiety. Remember that your password is your key into unlocking your computer and it is comparable to a car key unlocking your car door. Creating strong password is one of the easiest security tools to keep your accounts and information safe.
Back to Top