Welcome to Arkansas State University!

Although it may seem like you have to keep track of more and more accounts, usernames, and passwords with each passing year, and this often seems overwhelming. Sometimes it's tempting to create a password that is easy to remember, and use it for everything, university accounts and personal accounts included, instead of separate passwords that are more secure. However, using one password for all of your accounts is not secure at all. 

As a member of the Arkansas State community you should never forget that your password is a safeguard for your privacy and personal information. The passwords that we all use to access University computing systems (email, Banner, Blackboard, etc.) should be as secure as possible.


Password Best Practices

  • Do not share your password.
  • Do not write down your password, but if you have to write it down, make sure to keep it in a secure location, (under your keyboard is not a secure location).
  • Change your password regularly (most University systems require a 90 day password change).
  • If you think your password has been compromised, change it IMMEDIATELY! You can change your password by going to MyCampus, then Clicking Reset Password.
  • Do not use the same passwords for University accounts and personal accounts.
  • Create strong and effective passwords.

Creating a Strong and Effective Password or Passphrase

Passwords used on all systems for Arkansas State University business should meet at least the minimum password characteristics listed below to reasonably protect them from being guessed by humans or computers. Most University systems enforce these minimum length and complexity standards.

Choose a strong and memorable password or passphrase, no common names or dictionary words should be used.


Strong Password:

Password should consist of the following characteristics:

  • Minimum of 8 characters long
  • Minimum of one uppercase letter
  • Minimum of one lowercase letter
  • Minimum of one number
  • Do not include any part of your username 

Remember Long passwords are strong passwords!


Strong Passphrase:

Passphrases may be easier to remember and more secure than a shorter, more complex password. A passphrase should be:

  • Be between 15 and 127 characters in length
  • Minimum of one uppercase letter
  • Minimum of one lowercase letter
  • Minimum of one number

Example of a passphrase: take the phrase > timeforchocolate

Turn it into > Tim3f0rCh0colat3


 Password Tips:

  • Remember that incorrect grammar and misspellings are passphrase strengtheners.
  • DON’T use something that is public knowledge or has been shared on social media, such as Facebook or Twitter.
  • DON’T write down your password, BUT If you must write your password down, treat and protect it like High Risk Confidential Information, and lock them in a safe place.
  • DON’T use any sample passphrases or passwords shared as tips.
  • DON’T ever leave a password blank or keep its default value intact.
  • DON’T use the same password to secure your university account as you use (or have used) for other sites, e.g., Gmail, Yahoo, or Facebook.
  • DON’T reuse passwords.
  • DON’T use sequential letters or numbers (e.g. 1234567890, abcdefghij).
  • DON’T use trivial passwords (e.g. password, mypassword, p@ssw0rd).
  • DON’T use easily discoverable personal data (e.g., ID number, names, birthday, address, pets).  

 Compromised Passwords:

  • If you believe your password has been compromised or otherwise improperly accessed, change your password Immediately! You can change your password by going to MyCampus, then Clicking Reset Password. Also, please contact itshelpdesk at 870.972.3033.

  • Depending on your department policy, you might have access to the departmental file share. Contact your local IT support person or your manager to obtain instructions on the recommended local practice.


 For Smartphones and Tablets:

  • Smartphones and tablets should be setup with a password or a 4-8 digit PIN.

Be creative! The best passphrases and passwords are ones that have never been used before. 


Finally, remember: ITS will never ask you to disclose your password!


Security Tip of the Day!

Phishing


Phishing is when an attacker attempts to fool you into clicking on a malicious link or opening an attachment in an email. Be suspicious of any email or online message that creates a sense of urgency, has bad spelling or addresses you with a generic greeting such as "Dear Customer."

CLICK HERE to see more SANS Security Awareness Tips!