Loyola University Maryland

Technology Services

Password Security

Following are Loyola's password requirements and tips for making a strong password.

Password Requirements

All Loyola system passwords must contain:

  • at least thirteen (13) characters.
  • a combination of at least 3 of the following:
    • lowercase letter
    • uppercase letter
    • number
    • a special character such as !@#$%^&*()[]\;',./{}|:"<>?

Resetting Your Password

  • When you first get your account, you will need to enroll in "self-service" (make sure you are using Microsoft Internet Explorer or Mozilla Firefox). Craft a strong password that meets the above policy requirements.
  • Every six months, change your password.
  • Each time you change your password, verify that you can access all of your systems and services.

Creating a Strong Password

  1. Think of a sentence that you will remember. Example: "My son Aiden is three years old."
  2. Turn your sentence into a password. Use the first letter of each word in your memorable sentence to create a string, in this case: "msaityo."
  3. Add complexity to your password or pass phrase. Mix uppercase and lowercase letters and numbers. Introduce intentional misspellings. For example, in the sentence above, you might substitute the number 3 for the word "three," so a password might be "MsAi3yo."
  4. Substitute some special characters. Use symbols that look like letters, combine words, or replace letters with numbers to make the password complex. Using these strategies, you might end up with the password "M$8ni3y0." 
  5. Keep your password a secret.

Password Strategies to Avoid

  • Sequences or repeated characters (12345678, 222222, or abcdefg)
  • Avoid using only look-alike substitutions or numbers or symbols (P@ssw0rd)
  • Avoid your login name. Do not use any part of your name, birthday, social security number, or similar information of yours or your loved ones.
  • Avoid dictionary words in any language. Cyber criminals use software tools that can guess these passwords, even if they are spelled backward.
  • Avoid using only one password for all your accounts. If one password is compromised then all of your accounts are compromised.
  • Be careful with password recovery questions. Do not use your password as the recovery question's answer. Many sites will simply send you the password if you answer the question correctly.

How to Keep a Password Safe

Treat your passwords with as much care as you treat the information that they protect. Use strong passwords to log in to your computer and to any site where you enter your credit card number, or any financial or personal information.

  • Don't reveal passwords to others. Keep your passwords hidden from friends or family members (especially children) who could pass them on to other less trustworthy individuals.
  • Be careful with password recovery questions (e.g. "What was your mother's maiden name?"). Don't reveal these answers to others and don't choose questions with answers that are freely available on the web.
  • Protect any recorded passwords:
    • Be careful where you store the passwords that you record or write down
    • Don't store passwords on a file in your computer, because criminals will look there first
    • Don't carry passwords around in your wallet or hide them under your keyboard
    • Don't leave a record of your passwords anywhere that you would not leave information that the
      passwords protect.
  • Never provide your password over email or in response to an email request.
    • Any email message that requests your password or requests that you to go to a website to verify your password is almost certainly a fraud. This includes requests from trusted companies or individuals. Email can be intercepted in transit, and email messages that request information might not be from the senders they claim to be.
    • Internet "phishing" scams use fraudulent email messages to entice you to reveal your user names and passwords, steal your identity, and more.
  • Do not type passwords on computers when you’re on a network that you do not control.
    • Computers such as those in Internet cafes, computer labs, shared systems, kiosk systems, conferences, and airport lounges should be considered unsafe for any personal use other than anonymous Internet browsing.
    • Do not use these computers to visit chat rooms, check online e-mail, bank balances, business mail, or any other accounts that requires a user name and password .
    • Criminals can purchase keystroke logging devices for very little money and they take only a few moments to install. With these devices, malicious users can gather information typed on a computer from across the Internet.
  • Use more than one password
    • Use different passwords for different websites and services.
    • If any one of the computers or online systems using a particular password is compromised, all of your other information protected by that same password should be considered compromised as well.