CUMC Home | Columbia University | Jobs at CUMC | Contact CUMC | Find People
     
Columbia University Medical Center logo, Columbia University Medical Center Information Technology
 
 
For support: call extension 5-Help (212-305-4357), email us, or instantly connect to a technician with CUMC IT eSupport

 

  Computer Security
Home
Operating System and Software Updates
Password Policies
Physical Security
Email Security
Viruses and Spyware
Backing Up Your Computer
Using a Firewall
Risky Behavior

 

Password Policies

Access to technical resources at CUMC often requires the use of multiple logins and passwords. Though it can be frustrating to keep track them all, it is important that you are vigilant in selecting passwords that are strong and provide a high level of security. This is particularly important on a campus that has access to patient data and must comply with HIPAA policies.

What is a Strong Password?

A Strong Password is designed to be very complex and therefore very difficult to guess or crack. To be sufficiently complex, it must:
  • Be over 8 characters long.
  • Use a combination of upper and lower case letters.
  • Include at least one numeric and/or special character (&, ?, @ etc).
A typical password cracking program running on a fast personal computer can guess 10,000,000 passwords per second†. If the password uses all available types of characters on a keyboard:
  • A 4 character password has 85 million possible combination, and would take the program only 8.5 seconds to guess.
  • A 6 character password increases the possible combinations 782 billion would take up 22 hours to guess.
  • An 8 character password provides 7.2 quadrillion combinations and would take up to 23 years to guess.
† Calculations from http://www.lockdown.co.uk/?pg=combi, 96 Characters/Class D attack chart.

Other important guidelines include:
  • Do not use or include a word that can be found in a dictionary - English or otherwise.
  • Do not base your password on personal information that someone who knows you may be able to guess.
  • Do not use the same password for all of your logins.

Many viruses and malicious programs use incredibly long lists of common passwords, names and dictionary words that they systematically go through to try to crack into a system. This is one reason why it's important to make sure you are selecting a strong, unique password.

The Microsoft Guide to Creating Strong Passwords has excellent tips on how to select and remember a strong password.

More about passwords:

  • You should never share your password with anyone, including technicians. The CUMC IT Service Desk staff will never ask for your password.
  • If you have a unique username and password for a system, especially one that can access patient data, you should expect that the access can be tracked, and that you can be held responsible for policies violated under your account if someone else is able to log on as you.
  • For your main Columbia email account, you can log on to myUNI and select the option to Change Your Password whenever you would like. The new password will take effect immediately.
  • If you have a Domain Account (login to a work computer that is on the MC domain) and/or a CUMC IT Exchange email account, you can set up a profile on the myPassword web site to change, reset or unlock your password immediately.
  • Avoid letting software save or store your passwords. Besides increasing the chance that someone will be able to access data on your computer or personal information, you are more likely to forget the password if you do not type it in regularly.
  • Make sure you always log out of programs or web sites when you are done working with them, especially on public computers.

| TOP |

Last updated 2/04/2010

 
 
 
 
bullet Home                bullet Getting Started                bullet Getting Help                bullet Email                bullet Quick Links                bullet About CUMC IT
CUMC Home | © Columbia University | Affiliated with New York-Presbyterian Hospital | Comments | Text-Only Version