Windows and MySCSU passwords change
The new passwords must conform to stricter guidelines than the old ones. The new passwords must be (as quoted from the HelpDesk website):
- Not contain significant portions of the user’s account name, full name, or current password.
- Be at least 8 characters in length.
- Contain characters from three of the following four categories:
- English uppercase characters (A through Z)
- English lowercase characters (a through z)
- Numeric characters (0 through 9)
- Non-alphanumeric characters (!@#$%^&*-+?)
Update 8/26: They are now instructing that Windows passwords that follow the same rules as MySCSU passwords: letters, numbers, and symbols. Passwords are case sensitive, but you don't have to use both upper and lower case letters. If you have already chosen a password, you may not have to reset, but follow these rules next time. Passwords also cannot use a part of your name or birthdate. Windows and Banner passwords can be reset from the HelpDesk page, but MySCSU require calling 203-392-5123 or visiting a campus computer lab, such as Buley 314.)
In other words, they must be longer (8 characters or more) and more complex. You will be forced to change passwords every 60 days and will not be able to repeat your last six passwords. So now is the time to come up with several to use when you are unexpectedly unable to get into your email 60 days from Monday.
For all the details, check IT's helpdesk website at http://helpdesk.southernct.edu/index.php?option=com_content&task=view&id=200&Itemid=124
For those who hate choosing passwords, especially "weird" ones like these, here are a few suggestions:
- Use "l33t speak", the early hacker substitution of numbers for letters. l33t is 'leet or elite.
- A=4 or @
- I=1 or ! (also Y when used as a vowel with the long I sound)
- O=0 (That's "Oh" equals "zero") or ()
- So "stories" could be written "$70r13$" (This is an extreme example, it would be easier to replace only a few letters. By changing which letters you switch, you can have several passwords from the same word.)
- You could use this the other way round if you want to use a password like the old default birthdate. Substitute some of the numbers with letters, some capitalized and some not, 1993=!99E.
- There are more examples on the BBC page linked above.
- A=4 or @
- Text messaging has more common substitutions that work well for this sort of password:
- are=r (also used for any "er", "ar", "or", etc., sound within a word)
- "ate"=8 (used in any word that contains the sound "ate", like "l8tr" for "later"
- So the phrase, "my love to you" becomes "my luv 2 U". Combine this with l33t speak and you could use "m!luv2U" (it's only 7 characters, but it does use all 4 of the required types for the new passwords.)
- Transl8it! has a txt generator. Type your message in and get the txt translation. (It will also go the other way--handy for those who aren't up on their IM/chat slang.)
- If you really get stuck, there are online password generators that will help you. I can't recommend using this sort of thing for you actual password, because you can't necessarily tell who is legitimate and who is fishing (or phishing) for passwords, but you could use them to get some ideas. Of the ones that came up on the Google search linked above, I like the WebCog Semi-Pronounceable one best. You can just keep clicking the Refresh button until you see one you think you could remember. You will need to capitalize at least one letter or use a "special" symbol to make these work in our new system.
- If you do use one of these systems to figure out a new password, I would recommend writing down the password (even better, a variation on the password that was generated), closing your browser completely, opening a new browser window and then going to change your password. It may help break the trail between your use of the password generator and where you used the password. Identity theft is a big problem, and you don't want to make it any easier for them to get your information. You might also want to try the Firefox browser, which prevents some of the scripts from running when you visit a "bad" page, like downloading a tracking program so that they see where you go after visiting. (You should already be running a virus checker--students can download McAfee from the MySCSU site--and an adware/spyware remover like Ad-Aware, at least if you use Windows.)