Password Creation and Management Tips

During your time at Berry you will use a number of passwords. This page is intended to give you tips to help you both easily create and securely manage your passwords.

All students will be issued a Microsoft Office365 account, which provides access to almost every computer and network resource provided by the college. All students are also assigned an EZConnect password, which can only be changed by OIT staff. The password you use for the Office365 account must follow the guidelines listed below under Password Creation Tips. Office365 passwords can be reset through the Berry MyApps portal. While we only require you to change your password annually, you should immediately change your password if you suspect or discover it has been exposed.

PASSWORD MANAGEMENT TIPS

  • Do not use the same password for multiple accounts.  Particularly, do not use the same password for your Berry accounts that you use for non-Berry accounts.  More importantly, do not use the same passwords for your financial accounts, such as banks, credit card companies, PayPal, etc. since a compromise has the potential to damage your credit rating for years.
  • Do not write down your password! Use a password manager. These simplify password management, leaving you only one password to remember. Good candidates are LastPass and Bitwarden.  NOTE: The Office for Information Technology (OIT) cannot provide support for these programs.  Please do not place a request with the Technical Support Desk asking for help with a password manager. If using a password manager, make sure the master password is a strong password!  More information on creating passwords is below.  
  • If you are given the option to provide yourself a hint or create security questions, do NOT use personal information like your mother's maiden name, the city where you were born or pets' names. This information is commonly posted to social media or can be obtained easily. If you only have these choices, then make up the answers based on a theme or select a movie or fictional character.  For example, if the security question asks for your pet's name, instead use the name of a favorite pet, animal or even a person, from a movie or book.  Just don't tell anyone your system, and if using a password manager, record this information so you don’t forget it.
  • Be sure to log out of any system you log into, especially if accessing it from a shared computer in a lab or at a public kiosk.
  • Do not share your passwords with anyone, even OIT staff.  No one who works for OIT should ever ask for your password, but if they do, politely refuse.  A request for your username and password is never legitimate, especially via email.  If this happens, you can be certain it is an attempt to steal your credentials. Please report attempts to steal your credentials to infosec@berry.edu.

PASSWORD CREATION TIPS

DO's

  • Your password must be at least fourteen characters long. The longer, the better.
  • You must also use three out of four of the following - upper case letters, lower case letters, numbers, or symbols.  Spaces are a good idea also, as many password cracking programs still handle spaces poorly.  If spaces are not allowed, pick a letter, number, or symbol to represent a space.
  • Use more than one number or symbol, and not just at the end or beginning of the password.  You can substitute numbers for letters, e.g., "3" for e, "1" for i, etc., but don't depend on these to make your password more secure - these common substitutions are expected in password cracking programs.

DON'TS

  • DO NOT use simple dictionary words, personal data, names of pets, or anything else easily guessable about you, either forwards or backwards.  The Berry system does not allow you to use any part of your username in your password (down to three letter precision), and this is a good rule to follow as you create passwords. For example, if your name is David, you cannot use “dav”, “vid” or “avi” in your password.
  • Do not use common phrases or the first letter of words from a common phrase, e.g. "I am too smart for my own good" becomes "iatsfmog".  These phrases are included in many password cracking word dictionaries and are not secure.
  • Do not simply increment a number in a base password. For example, if your password is "LetMeInNow1" for one website, do not use "LetMeInNow2" on another site or as a replacement for the original "LetMeInNow1" password.
  • Do not create and use a password you cannot remember, unless you use a password manager to store it.
  • Do not write it down!
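
The rules above that can be checked mechanically (length, three of four character classes, no three-letter piece of the username, no digit-only change from an earlier password) can be expressed as a short checker. This is an added example, not Berry's or OIT's actual code; the function names, the case-insensitive username match, and counting spaces as symbols are assumptions.

```python
import re

MIN_LENGTH = 14        # "at least fourteen characters long"
REQUIRED_CLASSES = 3   # "three out of four" character classes


def character_classes(password):
    """Return the set of character classes present in the password."""
    classes = set()
    for ch in password:
        if ch.isupper():
            classes.add("upper")
        elif ch.islower():
            classes.add("lower")
        elif ch.isdigit():
            classes.add("digit")
        else:
            classes.add("symbol")  # assumption: spaces count as symbols
    return classes


def username_fragments(username, size=3):
    """Every three-letter slice of the username, lower-cased."""
    name = username.lower()
    return {name[i:i + size] for i in range(len(name) - size + 1)}


def is_increment_of(password, previous):
    """True when two different passwords are identical once digits are removed."""
    base_new = re.sub(r"\d", "", password)
    base_old = re.sub(r"\d", "", previous)
    return password != previous and base_new != "" and base_new == base_old


def check_password(password, username, previous=None):
    """Return a list of rule violations; an empty list means it passes."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("too short")
    if len(character_classes(password)) < REQUIRED_CLASSES:
        problems.append("too few character classes")
    lowered = password.lower()  # assumption: username match ignores case
    if any(frag in lowered for frag in username_fragments(username)):
        problems.append("contains part of username")
    if previous is not None and is_increment_of(password, previous):
        problems.append("increment of previous password")
    return problems
```

A check like this cannot tell whether a password is a common phrase or a dictionary word; those rules need a wordlist comparison.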

Creating hard to guess, but memorable passwords

  • Use mangled quotes - take a quote that is memorable to you and mix it up.  You don't have to necessarily change the quote itself, but you should make some letter substitutions and possibly change any spaces to a seldom used letter.  For example, the opening line of Moby Dick, "Call me Ishmael", becomes "CallxmexIshmae1".  Better yet, change the name to something else (not your name).  Instead of "Ishmael" use a descriptive word for yourself.  "Call me Ishmael" becomes "Callxm3xKrazy".  While misspelled words alone do not increase the security of a password, the combination of using a phrase instead of a word (more characters), substituting a number for a letter, changing a space to "x", and misspelling "crazy" is a fairly strong password.  The website How Secure Is My Password claims that it would take a computer 158 thousand years to crack the “Callxm3xKrazy” password.
  • Use random, everyday words mashed together - pick three or four items in your room, or items you see every day and put them together.  If you have a stress ball on your desk, and a black light in your aquarium, they could result in this password - "BlackfishStr3ss".  The How Secure Is My Password website claims an astounding 609 million years would be required to crack this password.  It is memorable to you because you see these objects every day.  This concept of using everyday words as parts of a password was drawn from a comic on the xkcd website.  See it here.

Whatever method you choose to create your passwords, following these tips will increase their effectiveness and your security.
