Skip to Content

Vanderbilt IT

Home > app-dev > password > Secure Password

Secure Password

Protecting Your Password 

  1. Never share your password with anyone over the phone or email. VUIT will never call you to ask for your password. Phishers, however, may pretend to be a system manager or university official as a way to steal your password and username to attack systems at Vanderbilt. This is referred to as "social engineering."
  2. Exercise caution when logging in with your VUnetID and password from unsecure networks. Hotel and public WiFi hotspots pose security risks and can lead to a compromise of your account.

Report any problems related to the security of your account or password to the help desk by calling (615) 343-9999.

Reusable Passwords

Avoid reusing passwords because if one account is compromised, other accounts with this same password could also be compromised and could grant an attacker access to multiple accounts and resources. VUIT encourages the Vanderbilt community to use password managers for securely managing passwords for multiple accounts. 

Password Managers:
http://keepass.info/
https://agilebits.com/onepassword

Strong Passwords

A strong password is at least 8 characters long and is comprised of uppercase, lowercase, numbers and/or special characters, and does not follow a pattern— thus making it difficult to guess.

To create a strong password, it is best to use logic that only you know by creating a string that utilizes the first letter of a series of words, along with numbers and special characters to make it easy for you to remember.

Example: "Oh say can you see by (the dawns early light)" could become "Oscysb$8."

Another way to create a strong password is to use a long string of random characters using a computer algorithm. This can be difficult to remember, so it would be important to use a password manager to help you create, store and access passwords.

Vanderbilt has instituted a password policy for all domain users that will enforce the use of strong passwords.

Details can be found here: https://int.vanderbilt.edu/admin/identity/SitePages/ePassword%20Policy.aspx

Weak Passwords

A weak password is generally short, less than 8 characters, and susceptible to dictionary attacks because it uses patterns and phrases that are easily guessed by a computer algorithm.

Below are some examples of weak passwords:

  1. User name VW - Passwords beetle, rabbit, Passat, etc.
  2. User name ford - Passwords Taurus, escort, etc.
  3. Any user name - Passwords Susan, Robert, sissy, buffy, or any other name.
  4. Any user name - Passwords P@ssword, passw0rd
  5. Any user name - Passwords 12345678, 9999999, 666, or any string of numbers.

Dos of Password Security

  1. Do use strong passwords.
  2. Do commit your password to memory rather than writing it down.
  3. Do use password managers to create, store and access multiple passwords.
  4. Do change your password frequently. It is best to change your password every three months for normal usage and more frequently if your password is used to access VUnet from other networks, such as other colleges, universities, businesses, etc.
  5. Do mix numbers, special characters, and both uppercase and lowercase letters in your password.
  6. Do lock your computer when you step away from your desk.
  7. Do log out of your account when you are finished. This will keep someone from using your access and privileges.

Do Nots of Password Security

  1. Do not share your password with anyone.
  2. Do not send it in an email message.
  3. Do not use your VUnetID password as a password on a website or subscription service.
  4. Do not use words or names from any language.
  5. Do not use words or names spelled backwards.
  6. Do not use personal data, such as your name, birthdate, Social Security number, phone number or address.
  7. Do not use your VUnetID as any part of your password.
  8. Do not use weak passwords.

Last Modified: 2016-08-17