How to Create a Strong Password

Summary

This article describes considerations for creating a strong password for your UMS account.

Body

Article Summary

This guide outlines the mandatory requirements for University of Maine System (UMS) account passwords and provides comprehensive best practices for password security. It includes specific rules for password creation, common mistakes to avoid, and guidelines for maintaining secure credentials.

Applies To

  • UMS Account Passwords
  • Campus Information Systems
  • University Applications
  • All University-affiliated accounts

Detailed Information

UMS Password Requirements

All UMS account passwords MUST:

  • Be at least 8 characters in length
  • Contain upper- and lower-case letters
  • Contain digits, punctuation and/or special characters
  • NOT be based upon the username, personal name or personal information
  • NOT be a standalone word in any language, slang, dialect or jargon
  • NOT be a previously selected password
  • NOT be used as a password for any other account outside of the University
  • Be changed within 180 days

Password Update Guidelines

When updating a password, especially in response to a compromised account alert, avoid "password recycling." Specifically:

DO NOT:

  • Increment numbers in previous passwords (e.g., "Password1" → "Password2")
  • Add characters to the beginning or end (e.g., "Password1" → "Password1!")
  • Update dates without other changes (e.g., "Pw04/2020" → "Pw10/2020")
  • Only alter capitalization (e.g., "Lewist0nauburn" → "Lewist0nAuburn")
  • Simply rearrange words or phrases (e.g., "Correcthorsebatterystaple1" → "Batterycorrectstaplehorse1")
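
The patterns in the DO NOT list can be checked mechanically at password-change time, when the user supplies both the current and the new password. The Python below is an added example, not UMS code; the function name and reason labels are hypothetical, and the checks are simple heuristics for the five listed patterns only.

```python
import re
from collections import Counter


def recycling_reasons(old: str, new: str) -> list[str]:
    """Return which recycling patterns from the DO NOT list `new` matches.

    Assumes both plaintext values are available, as on a change-password
    form that asks for the current password. Heuristic, not exhaustive.
    """
    if old == new:
        return ["unchanged"]
    o, n = old.lower(), new.lower()
    if o == n:
        return ["capitalization only"]
    reasons = []
    # Dropping digits exposes incremented counters and updated dates.
    if re.sub(r"\d", "", o) == re.sub(r"\d", "", n):
        reasons.append("digits changed only")
    # The old password survives intact with characters added around it.
    if o in n:
        reasons.append("characters added")
    # Identical character counts in a different order: rearranged words.
    if Counter(o) == Counter(n):
        reasons.append("rearranged")
    return reasons


# Example pairs from the list above, plus one constructed unrelated pair.
SAMPLES = [
    ("Password1", "Password2"),
    ("Password1", "Password1!"),
    ("Pw04/2020", "Pw10/2020"),
    ("Lewist0nauburn", "Lewist0nAuburn"),
    ("Correcthorsebatterystaple1", "Batterycorrectstaplehorse1"),
    ("Password1", "t7#Vq!rMz2&Lk9xe"),  # constructed: no pattern matches
]

if __name__ == "__main__":
    for old, new in SAMPLES:
        hits = recycling_reasons(old, new)
        print(f"{old!r} -> {new!r}: {', '.join(hits) or 'no recycling detected'}")
```

An empty result means only that none of these five patterns matched; the new password must still meet the requirements listed earlier.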

Best Practices for Strong Passwords

Length and Complexity:

  • Use at least 12-15 characters for enhanced security
  • Include a mix of:
    • Uppercase letters (A-Z)
    • Lowercase letters (a-z)
    • Numbers (0-9)
    • Special characters (!@#$%^&*)
  • Create truly random combinations when possible

Password Creation Tips:

  • Use unique passphrases while avoiding common sayings
  • Implement random character combinations
  • Consider using password manager-generated passwords
  • Create passwords that exceed minimum requirements

What to Avoid

  • Dictionary words in any language (except as used in a passphrase)
  • Passphrases of common sayings or adages
  • Personal information (names, dates, addresses)
  • Sequential numbers or letters
  • Keyboard patterns (qwerty, asdfgh)
  • Common substitutions (@ for a, 3 for e)
  • Previously used passwords

Password Management Recommendations

  • Use a secure password manager to generate and store complex passwords
  • Enable Multi-factor Authentication (MFA) when available
  • Keep passwords private and never share them
  • Change passwords immediately if a breach is suspected
  • Use different passwords for different accounts
  • Regularly review and update passwords according to policy

Additional Security Measures

  • Monitor accounts for suspicious activity
  • Report security incidents promptly
  • Keep systems and browsers updated
  • Use secure networks for accessing sensitive accounts
  • Regularly review connected applications and devices

Details

Article ID: 172873
Created: Tue 9/10/24 10:12 AM
Modified: Wed 3/5/25 3:37 PM
Applies To: Students, Faculty, Staff