UCR

UC Trust @ UCR



Managing Your Password



A commitment to strong and robust passwords is an important aspect of UCR’s overall effort to ensure campus systems, data, and electronic tools are secure and safe. In collaboration with various campus oversight groups and UCOP, C&C has been reviewing campus electronic password practices and procedures. As a result of these discussions, C&C is making available a suite of best practices relating to password creation and maintenance: the ultimate goal of this effort is to provide improved campus security, data integrity, and systems reliability.


Passwords: Background and Overview

Passwords are confidential and should not be shared with anyone, including supervisors, co-workers, family members, or friends. Moreover, users of campus electronic systems should never disclose a password by writing it down or by otherwise failing to secure it adequately.

A UCR systems user should never let another person sign on under their user ID, and users should never sign on and leave the office without logging off or taking other comparable precautions (e.g. using a password-protected screen saver; not recommended for Windows 95 or 98 users).

If there is a reason to suspect that password confidentiality has been compromised, it’s important that the password be changed immediately. UCR’s Director of Financial Control and Accountability (Marc Guerra, guerra@ucr.edu) may be contacted for input and guidance if a user suspects his or her password has been compromised.

Password security guidelines and responsibilities are contained in Campus Policy Number: 400-35.


Creating Good Passwords: Best Practices

  • All passwords should have a minimum length of five characters. In general, longer passwords are more robust than shorter passwords (given other criteria noted below).
  • All passwords should contain a combination of letters, numbers, and (given other criteria noted below) special characters as well.

    Current UCR Computing Environment Note Concerning Special Characters:

    • iViews (UCR NetID) and UCR’s Central Authentication System (CAS) support the use of virtually any (keyboard visible) special character.
    • The IBM environment (e.g. SIS, Web Storehouse) currently supports the use of the following special characters: #, $ and @.
    • UCRFS (PeopleSoft) and the campus Purchasing system currently support the use of the following special characters: $ and _.

  • All passwords should contain mixed-case letters.

    Current UCR Computing Environment Note Concerning Mixed-Case Passwords:

    • iViews (UCR NetID) and UCR’s Central Authentication System (CAS) support mixed-case passwords.
    • The IBM environment (e.g. SIS, Web Storehouse) currently does not support mixed-case passwords; C&C is working on a system upgrade to allow this functionality. Please note that IBM passwords must begin with an alpha character.
    • UCRFS (PeopleSoft) and the campus Purchasing system currently do not support mixed-case passwords; this functionality will become available when the applications move to iViews in the Fall.
  • The first letter of a password should not be uppercase (rather, add uppercase letters within the password).
  • Create passwords that can be typed quickly, without having to look at the keyboard (to decrease the probability that someone might steal your password observing your keyboard).

    Examples of good passwords (please do not use these examples as passwords):

    oNa327(sA
    865Dap@z
    reAlg00d
    p93Sow#aq


Creating Good Passwords: What to Avoid

  • Do not create passwords that use a word or number pattern (e.g. aaabbb, qwerty, zyxwvuts, 123321, etc.).
  • Do not create a password that is derived from a username (a reversed, capitalized, doubled, etc. username).
  • Do not create a password that has a commonly known first, middle or last name in any form.
  • Do not create a password that utilizes user initials or nickname(s).
  • Do not create a password using a word contained in English or foreign dictionaries, spelling lists, or other word lists (even if this is allowed by the UCR password dictionary checker).
  • Do not create a password that uses easily obtained information (e.g. pet names, license plate numbers, telephone numbers, identification numbers, the brand of an automobile, a current address, etc.).
  • Never write down (or type and record electronically) a password (e.g. on sticky notes, desk blotters, calendars, etc.).
  • Do not create a password that is so complicated it must be written down.
  • Never use a UCR password as a credential for non-UCR systems, especially systems you access via the Internet on a non-encrypted web site.
  • Never use a UCR password on a computer you do not typically use; make sure any device you use is well protected and free of spyware and viruses.
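
The composition rules in the two lists above, together with the per-system notes on special characters and case, can be checked mechanically. The following Python is an added example, not UCR or C&C code: the system keys (cas, ibm, ucrfs), the function names and the username jdoe are assumptions, special characters are treated as optional because one of the page's sample passwords contains none, and the dictionary, name and personal-information rules are not covered.

```python
import string

# Per-system limits transcribed from the notes above. The dictionary layout,
# key names and function names are assumptions made for this example.
SYSTEMS = {
    "cas":   {"specials": set(string.punctuation), "mixed_case": True,  "alpha_first": False},
    "ibm":   {"specials": set("#$@"),              "mixed_case": False, "alpha_first": True},
    "ucrfs": {"specials": set("$_"),               "mixed_case": False, "alpha_first": False},
}
ROWS = ("qwertyuiop", "asdfghjkl", "zxcvbnm", string.ascii_lowercase, string.digits)

def has_pattern(pw, run=4):
    """Palindromes (123321), at most two distinct characters (aaabbb), or a
    run of `run` keys along a keyboard row, the alphabet or the digits."""
    low = pw.lower()
    if low == low[::-1] or len(set(low)) <= 2:
        return True
    return any(seq[i:i + run] in low
               for row in ROWS for seq in (row, row[::-1])
               for i in range(len(seq) - run + 1))

def derived_from_username(pw, username):
    """Username forwards or reversed, any case; also catches doubled forms."""
    low, user = pw.lower(), username.lower()
    return bool(user) and (user in low or user[::-1] in low)

def check_password(pw, username, system):
    """Return the list of guidelines from this page that `pw` breaks."""
    rules = SYSTEMS[system]
    bad = "".join(sorted({c for c in pw if not c.isalnum() and c not in rules["specials"]}))
    upper, lower = any(c.isupper() for c in pw), any(c.islower() for c in pw)
    checks = [
        (len(pw) < 5, "shorter than five characters"),
        (not (any(c.isalpha() for c in pw) and any(c.isdigit() for c in pw)),
         "needs both letters and numbers"),
        (bool(bad), "special characters not supported here: " + bad),
        (rules["mixed_case"] and not (upper and lower), "needs mixed-case letters"),
        (rules["alpha_first"] and not pw[:1].isalpha(), "must begin with an alpha character"),
        (pw[:1].isupper(), "first letter should not be uppercase"),
        (has_pattern(pw), "uses a word or number pattern"),
        (derived_from_username(pw, username), "derived from the username"),
    ]
    return [message for failed, message in checks if failed]

if __name__ == "__main__":
    # Constructed inputs: the page's own sample strings and a made-up username.
    for pw, system in [("reAlg00d", "cas"), ("p93Sow#aq", "ucrfs"), ("865Dap@z", "ibm")]:
        print(system, pw, check_password(pw, "jdoe", system))
```

A sample string that passes for one system can fail for another: p93Sow#aq is accepted under the IBM rules but not under the UCRFS rules, and 865Dap@z is rejected under the IBM rules because it does not begin with an alpha character.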


Keeping a Good Password Safe

  • ALWAYS keep your personal computer free of viruses and spyware, and update the Windows operating system regularly. Passwords can be stolen electronically (and remotely) from computers containing malicious viruses or spyware (many of these malware products contain keystroke loggers). For more information, please visit C&C’s security web site (http://www.cnc.ucr.edu/security).
  • NEVER transmit a UCR password to a non-encrypted web site (please look for a “lock symbol” in the lower right hand corner of the browser [Internet Explorer and Mozilla] to determine if a site is encrypted).
  • ALWAYS use UCR’s VPN service (virtual private network) when connecting to campus systems from a non-UCR internet service provider (please visit http://www.cnc.ucr.edu/vpn to install UCR’s VPN software).



General Campus Information

University of California, Riverside
900 University Ave.
Riverside, CA 92521
Tel: (951) 827-1012


Computing & Communications

UC Trust
Computing & Communications Bldg

Tel: (951) 827-4741
Fax: (951) 827-4541
E-mail: cncwebmaster@ucr.edu
