Password Policy
Requirements for passwords at IAS are as follows:
Passwords must be at least 15 characters long.
Before being accepted, a password is checked to make sure it doesn't contain any identifiers such as your name or account username, and the password hash is checked against an online database of known compromised passwords.
There are no complexity requirements.
Whereas in the past you may have used something short and difficult to remember for your password involving different character sets, upper and lowercase etc., the current recommendation is to choose a string of random words together; which, although longer, is easier to remember as well as being more secure. We refer to this as a passphrase.
To change your SNS password, follow these instructions.
Some general advice on password choice and usage.
- Don't share your password with others.
Your password authenticates the your identity as the authorized user. You may be held responsible for misuse of the account if the password is shared with anyone.
- Use different passwords for different accounts.
Using a single password is the equivalent of using a single key for your car, house, mail box, and safety deposit box -- if you lose the key, you give away access to everything. If your password is compromised on one system, using different passwords on different systems will help prevent intruders from gaining access to your accounts and data on other systems. For example, if you have an account at another institution, you should use a different password for that account than you use for your SNS account. That way, if the password on one account is compromised, the other account is still protected.
- Don't leave any passwords where others can find them.
Don't leave any of your passwords where others can find them, for example on a post-it note on your desk. Never send them in email, leave them online in a file (unless encrypted), embed them in a script, etc.
We recommend the use of password management software such as Lastpass to store your passwords.