Montana State University

MSU IT Center

Renne Library Commons
P.O. Box 173240
Bozeman, MT 59717-3240
406-994-1777 | helpdesk@montana.edu

Chief Information Officer

Adam Edelman (Interim)
aedelman@montana.edu

Good Password Practices FAQ

How do I create a strong password?

  • Use 8 or more characters
  • Choose a combination of:
    • numbers
    • upper case letters
    • lower case letters
    • special characters such as ! $ * % @ # & -
      (in some cases restrictions may apply )
  • Avoid passwords that are easy to guess or to crack
    • Dictionary words (mackerel, dandelion, millionaire)
    • Foreign words (octobre, gesundheit, sayonara)
    • Simple transformations of words (tiny8, 7eleven, dude!)
    • Names, doubled names, first name and last initial (mabell, kittykitty, marissab)
    • Uppercase or lowercase words (MAGAZINE, licorice)
    • An alphabet sequence (lmnop) or a keyboard sequence (ghjkl;)
    • Words that have the vowels removed (sbtrctn, cntrlntllgnc)

Are there any tips for choosing a strong password that can actually be remembered?

  • Use lines from a childhood verse:
    Jack be nimble, Jack be quick = JbeN#jbq1
  • Use an expression inspired by the name of a city:
    I love Paris in the springtime = 1LpntST!
    Chicago is my kind of town = C1mYK0t*
  • Use lines from a favorite song:
    You can't always get what you want = uC4n+agwUw!

How do I change my password? Page up arrow.top

  • To change your MSU NetID, Domain, and/or Portal passwords go to https://www3.montana.edu/myprofile/.
    • What if I can't even log on to my computer-- let alone get to the password reset page-- because my MSU Domain password has expired?
    • You can change your MSU Domain password by pressing Ctrl-Alt-Del simultaneously and then clicking the "Change Password" button.
  • To change your MyInfo PIN log in to MyInfo go to the "Personal Information" section and select "Change PIN."

How often should I change my password?

  • Change passwords every 6 months at least.
    • Change "first-time" passwords that are issued to you immediately.
  • Don't reuse old passwords.
  • Don't use the same passwords for work accounts that you do for personal accounts.
    - whenever practical use unique passwords for all accounts
  • Don't write passwords down and leave them in places not always under your control.

As a system administrator, what can I do to protect passwords on machines I manage?

  • Replace your passwords every 30 to 120 days.
  • Disable logon after a specified number of failed attempts.
  • Use SSH or SSL for remote server authentication.
    Don't use programs that send passwords in plain text such as Samba, FTP, Telnet, Pathworks V 4.0.
  • Don't use shared usernames and passwords.
  • Change or disable the common user names such as Guest and Administrator.
  • Log on at the lowest level needed for the work to be done.
  • Disable or remove unused accounts.
Page up arrow.top