Why Your BroncoPassword Is Important
Your BroncoName is a unique identifier used to access information services and systems at Cal Poly Pomona.
Many frequently-used systems at Cal Poly (e.g., Active Directory, Blackboard, BroncoDirect, etc.) require a BroncoName and BroncoPassword.
Anyone who knows your BroncoPassword can access (and sometimes change) personal information about you, including:
- Class Registration
- Bank Routing Numbers
- Grades
- and more!
For more information about your BroncoName and BroncoPassword, visit Identity Management.
Top 10 BroncoPassword Tips
- Never tell your password to anyone!
- Never write down your password.
- Make your password hard to guess — do not use the name of your pet (or your child).
- Avoid using single words. A good choice is using a pass phrase.
- Never write down your password.
- Never tell your password to anyone!
- Be sure that you don't use personal identifiers in your password (like your name or BroncoName).
- Never write down your password.
- Take responsibility for your BroncoName and BroncoPassword.
- And never tell your password to anyone!
A compromised password not only puts your own information at risk, it may also expose sensitive campus data and systems. Did we remember to say, never to tell your password to anyone?
Examples of Extremely Bad Passwords
- Your name in any form - first, middle, last, maiden, spelled backwards, nickname or initials
- Your user ID or your user ID spelled backwards
- Part of your user ID or name
- Any common name, such as Joe
- The name of a close relative, friend or pet
- Your phone number, office number or address
- Your birthday or anniversary date
- Simple variants of names or words (even foreign words), simple patterns, famous equations or well-known values
- Your favorite sports team (NFL, NBA, MLB, etc.)
- Your license plate number, your social security number or any all-numeral password
- Names from popular culture (e.g.: Beatles, Spiderman, etc.)
What's a strong password?
NOTE: Obviously, you shouldn't use any of the passwords used as examples in this document. Treat these examples as guidelines only!
A strong password is one that’s hard to crack. A strong password must have all of the following:
- Your password must be no fewer than eight (8) characters in length. However, a good choice is a "pass phrase" composed of four (4) words and punctuation.
A pass phrase is a longer version of a password and is therefore more secure. A pass phrase is typically composed of multiple words.
- Note: Though technology constraints may impose maximum length or other restrictions, use of pass phrases shall be supported where possible and practical.
- Examples of pass phrases:
- I like ice cream.
- Turn Off Cell Phones!
- It was hot today.
- Cal Poly Broncos rule!
- At least three of the following four types of characters:
- It must have at least one number.
- It must have at least one uppercase letter.
- It must have at least one lowercase letter.
- It must have at least one symbol (!,@,#,$,^).
For more information on password complexity, visit Password Complexity Guidelines.
For advanced techniques on creating a strong password, see Creating a Strong Password: Advanced Techniques.
Quiz Yourself
Quiz 1:
A strong password can be all that stands between you and identity theft. Is your BroncoPassword strong enough?
The following passwords meet the minimum requirements for BroncoPasswords. However, all but one are still too weak.
Choose the strongest password from this list:
A. aunt.sue.1
B. reepicheep.0
C. r33pich33p!
D. Ac@8myham*
E. A123.456
F. 6.62e-34
Check your answer below!
A. No: Avoid proper names; B. No: Avoid fictional characters; C. No: Avoid simple substitutions; D.Yes: This is the best choice; E. No: Avoid simple patterns; F. No: Avoid famous equations
Quiz 2:
Which password is stronger?
A. I can remember this.
B. @#F{t67M*9ioE2$%
Check your answer below!
A: A pass phrase composed with four words and punctuation
is stronger than all 14 character complex passwords.
Quiz 3:
How long will it take to break each of the following passwords?
A. 7584248b8d2c9f9e
B. 902139606b6d16b5
C. f9393d97e7a1873c
Check your answer below!
Less than 5 seconds for each one! A pass phrase composed with four words and punctuation
is stronger than all 14 character complex passwords.
Guidelines for Protecting Your Passwords
- Safeguard your password: All passwords are to be treated as confidential University information.
- Take responsibility: You are responsible for the security of your passwords, and accountable for any misuse if they are guessed, disclosed or compromised.
- University representatives will never ask for your password: It is against University policy for a technology service provider to request a user’s passwords. If someone demands a password, refer the person to this document or have the person call the I&IT Help Desk.
Note: The personnel at the Help Desk will provide you with a temporary password if you ask them to reset your account. Remember to change it as soon as you can.
- Make your BroncoPassword unique: Do not use your BroncoPassword for any other services offered at Cal Poly Pomona or elsewhere (i.e. personal Internet service provider accounts, free online email accounts, instant messaging accounts, other online services, etc.). Your BroncoPassword should be unique from every other password that you use. This will limit your exposure if any of your passwords are compromised.
- Avoid using the "Remember Password" feature: These features, typically used to access secure applications (i.e. email, calendar, financial systems) and Web browsers (i.e. Mozilla Firefox and Internet Explorer), do not adequately protect passwords. It may be possible for a computer virus or unauthorized user to gain access to this stored information.
- Clear the cache of your Internet browser before quitting your browser: Quitting a web browser does not mean that cookies and related files are removed from your machine, so remember to clear the cache before quitting the web browser when you are finished using it unless no one else has access to the computer you are using.
- Quit your Internet browser when you are finished using it: When you use your password with a web browser like Firefox or Internet Explorer, it saves the password in memory as long as it is running, so remember to quit the browser when you are finished using it unless no one else has access to the computer you are using.
- Report compromises immediately: If you suspect your account or password has been compromised, report the incident to the Incident Response Team at abuse@csupomona.edu or call the I&IT Help Desk at 909.869.6776 to change the password immediately. If you think someone else has your password, you can reset your password right away (before he/she resets it and steal its from you).
Changing Your BroncoPassword
You can change your BroncoPassword yourself at My Control Panel.
In order to change your BroncoPassword, you will need to log in first using your BroncoName and current BroncoPassword.
Advanced Techniques
Strong Passwords
Passwords are crack-able primarily through brute force "dictionary" attacks, where software tries to guess a password by running through a series of common phrases or words in various combinations.
Password crackers have gotten much more sophisticated these days. Now, they check hundreds of common "root" passwords.
For a list of common root passwords, visit:
http://geodsoft.com/howto/password/common.htm.
Coming up with a Strong Password
Simple rules on how to create a password that cannot be easily cracked by such methods as mentioned above and that can be easily committed to memory. (Mind you, given enough time, any password can be cracked, but the following suggestions will make it much harder.)
- Use a "root" that is not in the common root passwords list.
- Put your "appendage" (or two of them) in an unusual place: Either in the middle of the root or at both the beginning and the end.
- Examples: Use a word that you can pronounce but which is spelled "wrong": armwar or pitchsure or baysball are all examples. Then attach your appendage(s): arm9!9war or 1066pitchsure6601or bay1776sball.
Note: When misspelling a word, do not use a common misspelling.
Example misspellings:
- Password: "Phnybone1" instead of "funnybone"
- Password: "p0pcrnbll"
- Passphrase: "Warking for CPP is fun."
(Note: Information taken from an article written by Christopher Null, longtime technology and business journalist. His synopsis summarized suggestions by Bruce Schneier, author of some of the most influential books on computer security and cryptography ever printed. For more information, visit How to Pick a Genuinely Secure Password.)
Additional Tips
Coming up with a password that's both strong and easy to remember can take some creativity. Try thinking of a phrase (i.e. part of a book, poem or song), and use it to form a password you’ll remember.
NOTE: Obviously, you shouldn't use any of the passwords used as examples in this document. Treat these examples as guidelines only!
For example:
- "All of Gaul is divided into three main parts." would be "AoG/i3mp."
- Insert symbols (punctuation) after every third character.
- Use an upper case letter after every number.
- Press the Shift key after every other character.
- Pick letters from a phrase that's meaningful to you.
- Example:
Pass Phrase - Do you know the way to San Jose?
- Use several small words with punctuation marks.
- Example: Password - betty,boop$car.
- Use at least four words and a punctuation mark.
- Example: Passphrase - I do not have to write down my password!
- Combine a number of personal facts like foods you disliked during childhood.
- Example: Food - rice and raisin pudding
- Password: ric&rAiPudngNote:
- Use the first letter of each word in a phrase with a random number.
- Example: Phrase - "hard to crack this password daily"
- Combine punctuation or numbers with a regular word.
- Example: Password - Roos%velt
- Example: Password - H00ked on ph0nics werked 4 me?
- Be creative! Come up with your own system — the possibilities are endless.
NOTE: Obviously, you shouldn't use any of the passwords used as examples in this document. Treat these examples as guidelines only!
eHelp
