Passwords
The best way to protect your personal data, as well as the College’s data, is by using a strong password that isn’t used anywhere else. Here is some information on how to create and keep track of your passwords.
Highline College Password Standard
- Highline user account passwords are the responsibility of the user, and must not be shared with any other person, or displayed where they may be seen by others.
- All office workstations must have a password protected screen saver which will be activated after a period of inactivity not to exceed 15 minutes.
- All classroom workstations will be logged out after a period of inactivity not to exceed 45 minutes.
- Users may not use a password that they have used at Highline before.
- Passwords will expire and must be changed after 365 days.
- Passwords must be at least 12 characters in length, though longer is better.
- Passwords must conform to the following guidelines:
  - Cannot contain your username or SID
  - Cannot contain your name
  - Cannot contain your initials
  - Cannot contain the college name
  - Must contain characters from three of the following four categories:
    - English uppercase characters (A through Z)
    - English lowercase characters (a through z)
    - Base 10 digits (0 through 9)
    - Non-alphanumeric characters (e.g. ~, *, #, %)
These rules apply to Highline user accounts for systems directly under Highline’s control. While we make every effort to utilize Highline credentials to grant access to third-party tools, external systems may occasionally operate under varying rules.
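The length and composition rules above, written as a checker that reports every rule a candidate password breaks. This is an added example, not Highline's own code: the case-insensitive substring matching, the literal `highline` as the college name, and the sample account values are assumptions. The reuse and expiry rules are left out because they need stored password history.

```python
import string

MIN_LENGTH = 12            # "at least 12 characters"
REQUIRED_CATEGORIES = 3    # "three of the following four categories"
COLLEGE_NAME = "highline"  # assumption: the string treated as the college name


def character_categories(password):
    """Return which of the standard's four character categories are present."""
    found = set()
    for ch in password:
        if ch in string.ascii_uppercase:
            found.add("uppercase")
        elif ch in string.ascii_lowercase:
            found.add("lowercase")
        elif ch in string.digits:
            found.add("digit")
        else:
            # Anything else (symbols, spaces) counts as non-alphanumeric here.
            found.add("non-alphanumeric")
    return found


def check_password(password, username, sid, first_name, last_name):
    """Return a list of rule violations; an empty list means the password passes."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("shorter than 12 characters")

    lowered = password.lower()
    initials = (first_name[:1] + last_name[:1]).lower()
    banned = {
        "username": username, "SID": sid, "first name": first_name,
        "last name": last_name, "initials": initials, "college name": COLLEGE_NAME,
    }
    for label, value in banned.items():
        # Assumption: "contain" means a case-insensitive substring match.
        if value and value.lower() in lowered:
            problems.append("contains " + label)

    if len(character_categories(password)) < REQUIRED_CATEGORIES:
        problems.append("fewer than three character categories")
    return problems


if __name__ == "__main__":
    # Constructed sample account, not a real user.
    print(check_password("Highline2024!", "jdoe", "900123456", "Jordan", "Doe"))
```

A long passphrase such as `Correct-Horse-Battery-9` passes every check, while `Highline2024!` meets the length and category rules and is still rejected for containing the college name.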
The Logic of Password Design
It used to be the case that picking an alphanumeric password that was 8-10 characters in length was a pretty good practice. These days, it’s increasingly affordable to build extremely powerful and fast password cracking tools that can try tens of millions of possible password combinations per second.
Complexity is nice, but length is key. Just remember that each character you add to a password or passphrase makes it an order of magnitude harder to attack via brute-force methods.
Some of the easiest-to-remember passwords are collections of words that form a phrase or sentence, perhaps the opening sentence to your favorite novel, or the opening line to a good joke.
Avoid using the same password at multiple websites or apps. It’s generally safe to re-use the same password at sites that do not store sensitive information about you (like a news website) provided you don’t use this same password at sites that are sensitive (financial, medical, etc.).
Never use the password you’ve picked for your email account at any other online site. If you do, and an e-commerce site you are registered at gets hacked, there’s a good chance someone will be reading your email soon.
Whatever you do, don’t store your list of passwords on your computer in plain text, or in a handwritten book!
Password Storage on Web Browsers
One thing to note about password storage in your web browser, like Firefox or Chrome: If you have not enabled and assigned a “master password” to manage your passwords, anyone with physical access to your computer and user account can view the stored passwords in plain text, simply by clicking ‘Options,’ and then ‘Show Passwords.’
To protect your passwords from local prying eyes, drop a check mark into the box next to ‘Use Master Password’ at the main ‘Options’ page, and choose a strong password that only you can remember. You will then be prompted to enter the master password once per session when visiting a site that uses one of your stored passwords.
Password Management Options
There are several online third-party services that can help users safeguard sensitive passwords, including LastPass, Dashlane, and 1Password. These store your passwords in the cloud (remote storage) and secure them all with a master password.
If entrusting all your passwords to the cloud gives you the creeps, consider using a local password storage program on your computer, such as RoboForm, Password Safe or KeePass.
Take care to pick a strong master password, but one that you can remember. If you forget your master password, there will be extra work on your part to get it recovered.
Questions?
- Please contact the Help Desk.