Services
Office of Information Security
Choosing Your Penn State Account Password
Learn about Penn State’s
-
- Lifetime Password Policy – a new approach to passwords
- Requirements and Guidelines for choosing a secure password
- Tips and Examples for choosing a password that’s both strong and easy for you to remember
LIFETIME PASSWORDS: A NEW APPROACH TO PASSWORDS
The password you choose should be both difficult for someone else to hack or guess, and easy for you to remember.
In the past it was considered best practice to require users to change their passwords regularly and to follow rules that made it hard to think of a new password — and even harder to remember it. The desire to create an easy-to-remember password that met such criteria might result in a password like Good2Go!
Today, security experts acknowledge that periodic password changes add little value — and that it’s just as important that a password be easy for its owner to remember as it is that it be difficult for another person or computer program to hack. Current recommendations allow users to create a “passphrase”. A passphrase is a password that consists of a phrase, a sentence, or a series of words such as “kitten treadmill dog laughs“.
Advantages of the new paradigm: By allowing spaces and removing requirements such as regular password changes and the use of upper and lower case letters, numbers, and symbols, this approach allows you to choose a password that is:
- Easy for you to remember.
- Quicker and easier to type.
- Never going to expire.
- More secure. As it turns out, “kitten treadmill dog laughs” is far more difficult for even the most sophisticated computer program to hack than “Good2Go!”
RULES AND REQUIREMENTS – CRITERIA YOUR PASSWORD MUST MEET
- Length. Your password must be at least eight characters long, and no more than 125.
- Excluded Characters: It cannot contain any of the following special characters: ” ‘ \ ` & ( ) | < >
- Recently Used: It cannot be a password you’ve recently used for the same account.
- Commonly Used: It cannot be found on a list of commonly used or known compromised passwords.
- Personal Identifiers: It cannot include your user ID, first or last name, address, or date of birth.
- Penn State Services: It should not include the name, acronym, or abbreviation for a Penn State system or service. Examples: LionPATH, WebAccess, Shib, O365, Canvas.
- Dictionary words: It should not be a single dictionary word. (It may contain multiple dictionary words)
- Other Personal Information: Do not include any other personal information that could be used to guess your password. Examples: Your license plate, phone number, social security number, the names of your children or pets, your wedding anniversary, favorite sports team, or the name of your favorite band.
- Exclusive Use: It should be unique – used only for your Penn State account.
ADDITIONAL GUIDELINES
- Avoid common phrases: A good rule of thumb is that your password should not consist of an exact series of words you might find on an internet search. Computer programs used to hack passwords can run through a huge list of possibilities in just seconds, so you want to avoid anything that could be added to such a list.
Examples: A famous quote or commonly used phrase, the title or line from a song, a poem, a book or a movie, the colors of the rainbow, or any other commonly known list of words.It’s fine, however, to use any of the above as a starting point – as long as you modify it in some way. See Mix it Up, below, to learn more.
- Go for length: Generally speaking, longer is better. Both total length and longer individual words within your password contribute to its strength.
TIPS AND EXAMPLES
The following tips will help you choose a password that’s easy for you to remember, but still hard for someone else to guess.
Note: Don’t use one of the specific examples provided below as your password!
Choose an Approach:
- Pick a series of words that are related in some way that’s unique to you. For example, you might list four objects you can see as you sit at your desk, several items on your fireplace mantel, words you associate with your childhood home, or the items you’d most want to save if your house were on fire. The key is to choose words that are associated in your mind, but other people are not likely to put together.
Example: “Bel Air flute Rambler”
- Come up with an original phrase or sentence. It could be a statement about your plans or goals, something you like, something you’ve done, or anything else. The key is that it not be a commonly used phrase or sentence.
Examples: “My dream is to patent an invention”, “0%Chancetoguessmynewpassword” or even “This is my new password”
- Describe something you picture in your mind. That could be a set of objects, a landscape, a series of actions or events – the possibilities are limited only by your imagination.
Example: “firepit in my back yard”.
- Come up with a random set of words and create a story – complete with mental image – that ties them together in your mind.
Example: “cow climbs tree backwards”.
- Start with a common phrase, famous quotation, or favorite lyric – but mix it up. While it’s best to avoid using an exact quote, use one or both of the strategies listed below under “Mix it up” to alter it in such a way as to make it unique.
Mix it up
Computer programs used to crack passwords can rapidly try millions of commonly used or likely to be used passwords. Such lists are constantly updated to reflect trends in how people choose or construct passwords. You can decrease the chances that your password will show up on such a list by using one of the following strategies:
- Use the first letter of every word in a phrase or sentence.
Example: “Saturday night and we in the spot – Don’t believe me just watch” (from Uptown Funk) becomes “Snawits – Dbmjw”. If you choose this method, consider throwing in an unexpected word, character, or symbol, or skipping over something to further mix it up.
Example: “SnawitSPOT – jw!”
- Alter words or letters: Abbreviate, substitute or misspell words, or substitute numbers or symbols for words.
Examples: “Mari had a mini lamb” or “Giv m3 liberty or death” or “Don worry -B chill, dude!”
CHANGING
YOUR PASSWORD
Learn About …
- How often (or when) you need to change it
- How to do so, and what to do before and afterwards
- What to do if you encounter issues after changing it
PROTECTING
YOUR PASSWORD
Learn About …
- Why it’s important to protect your password
- Steps you should take to protect it
- What can happen if you fail to do so
PENN STATE
ACCOUNTS
Learn About ...
- How to update your account information
- What to do if you can't log in
- When you gain and lose access to resources, and more
See Also