Guidelines for Passwords for End Users

    1  Overview

    Passwords are an important aspect of computer security. They are the front line of protection for user accounts. A poorly chosen password may result in the compromise of Tulane University's entire network. As such, all students, faculty, staff, alumni, retirees, and other University affiliates (including contractors and vendors with access to Tulane University systems) are responsible for selecting and securing their passwords as outlined below.

    2  Specific Guidelines

     2.1  Password Creation

    The following password guidelines are based upon experience and common sense. The software used to change passwords will screen for most of these guidelines as an aid in creating secure passwords. This does not relieve a person of responsibility for creating and securing a good password.

    • The password must be at least eight characters in length. (Longer is generally better.)
    • The password should not be a word in the dictionary.
    • The password must be in mixed case (upper- and lower-case letters).
    • The password must contain at least one numeric character.
    • The password cannot be the same as the user ID.
    • Special characters may be used to strengthen the password. Examples of permitted special characters are $. , ! % ^ *
    • The password should not be information easily obtainable about you, such as your license plate number, social security number, telephone number, or street address.

     2.2  Password Protection

    • We strongly suggest that you do not use the same password for Tulane University accounts as for non-Tulane University access. Where possible, do not use the same password for all of your Tulane accounts.
    • Do not share Tulane University passwords with anyone, including administrative assistants or secretaries. All passwords should be treated as sensitive and confidential. If someone demands a password, refer them to this document or have them call someone in the Information Security Office.
    • Do not use the "Remember Password" feature of applications (e.g., Eudora, Outlook, Entourage, and Webmail).
    • Do not write passwords down and store them anywhere in your office. Do not store passwords in a file on ANY computer system (including Palm Pilots or similar devices) without encrypting the passwords.
    • Don't reveal a password over the phone to ANYONE.
    • Don't reveal a password in an e-mail message.
    • Don't reveal a password to your supervisor.
    • Don't talk about a password in front of others.
    • Don't hint at the format of a password (e.g., "my family name").
    • Don't reveal a password on questionnaires or security forms.
    • Don't share a password with family members.
    • Don't reveal a password to co-workers while on vacation.