How do I create a strong password?

  • Use 8 or more characters
  • Choose a combination of:
    • numbers
    • upper case letters
    • lower case letters
    • special characters such as ! $ * % @ # & -
      (in some cases restrictions may apply )
  • Avoid passwords that are easy to guess or to crack
    • Dictionary words (mackerel, dandelion, millionaire)
    • Foreign words (octobre, gesundheit, sayonara)
    • Simple transformations of words (tiny8, 7eleven, dude!)
    • Names, doubled names, first name and last initial (mabell, kittykitty, marissab)
    • Uppercase or lowercase words (MAGAZINE, licorice)
    • An alphabet sequence (lmnop) or a keyboard sequence (ghjkl;)
    • Words that have the vowels removed (sbtrctn, cntrlntllgnc)

Are there any tips for choosing a strong password that can actually be remembered?

  • Use lines from a childhood verse:
    Jack be nimble, Jack be quick = JbeN#jbq1
  • Use an expression inspired by the name of a city:
    I love Paris in the springtime = 1LpntST!
    Chicago is my kind of town = C1mYK0t*
  • Use lines from a favorite song:
    You can't always get what you want = uC4n+agwUw!

How do I change my password? Page up

  • Change your MSU Net password at
  • Change your MyInfo PIN by logging in to MyInfo  > click the Personal Information  tab and select Change PIN.

How often should I change my password?

  • Change passwords every 6 months at least.
    • Change "first-time" passwords that are issued to you immediately.
  • Don't reuse old passwords.
  • Don't use the same passwords for work accounts that you do for personal accounts.
    • Whenever practical use unique passwords for all accounts
  • Don't write passwords down and leave them in places not always under your control.

As a system administrator, what can I do to protect passwords on machines I manage?

  • Replace your passwords every 30 to 120 days.
  • Disable logon after a specified number of failed attempts.
  • Use SSH or SSL for remote server authentication.
    Don't use programs that send passwords in plain text such as Samba, FTP, Telnet, Pathworks V 4.0.
  • Don't use shared usernames and passwords.
  • Change or disable the common user names such as Guest and Administrator.
  • Log on at the lowest level needed for the work to be done.
  • Disable or remove unused accounts.

Page up