• Skip to content
• Skip to main navigation
• Skip to global navigation

Information Technology

Password Security

Password Rules

We have a list of rules on what your password must consist of:

1. Your password must NOT contain any part of your logon name
2. Your password must NOT contain your first or last name
3. Your password must be at least 8 characters long
4. Your password must contain characters from three of the following four "classes":
   • UPPERCASE letters (A-Z)
   • Lowercase letters (a-z)
   • Numbers (0-9)
   • Non-alphanumeric special characters (!, @, #, $, %, ^, &, etc.).
5. You cannot use the same password as you used before (the system remembers your last 12).
6. Capitalization matters. Remember if you use upper or lower case. (mypoint.uwsp.edu, OWA and other web services are CASE SENSITIVE.)

"Good" or "Safe" Passwords

To know what makes a password "good" or "safe," it is important to know what makes a password "bad" or "unsafe."

A bad password is one that is easily guessed by a stranger, a friend, or a computer program. Examples of bad passwords are

• Using your LogonID or your full account name
• License plate numbers
• Dates
• Words found in any dictionary, including languages other than English, slang, jargon, abbreviations, proper names, etc.
• Combinations of dictionary words
• Dictionary words spelled backwards
• Numbers
• Any personal information

What is left? With all of these restrictions, it is still possible to come up with a password that is easy to remember, yet cryptic enough not to be guessable.

One of the most popular ways to select a good password that is easily remembered is to use phrase or quote that you can remember. Let's use the lyrics of a song by Da Yoopers - "Grandma Got Run Over By A Reindeer"

• Take the first letter of each word...
  • Ggrobar
• Now we have "Gg" and the Spanish verb for "to rob," so that is something a hacking program using a dictionary might guess. To make it a bit better, we can modify it a bit...
  • 2Gr0bar
• After changing the g's to "2G" and the 'o' to a zero, we have something that resembles a decent password.

Courtesy of Computer Aided Engineering, UW Madison, Fall 1998, used with permission

Here's another example. We'll use the sentence "My dog Fluffy is two years older then my dog Zeus".

• Take the first letter of each word...
  • MdFityotmdZ
• We already have a mixture of upper and lower case letters, so now let's mix it up by adding some numbers.
  • MdFi2yotmdZ
• Finally substitute some special characters to make the password even stronger.
  • M#F!2yotm#Z

Contact Information

If you have questions about password security, please contact the Help Desk