Creating Stonger Passwords
UH has a strong password standard to protect the university's systems, data and network. UH's password security recommendations are commensurate with the importance of the protected information and data.
This means that low-risk, less-critical UH systems such as IT Training or personal e-mail accounts don't require the same degree of password protection as systems with higher risks associated with them.
UH Password Standard
- Minimum Password Length: 8 characters
- Expire passwords every 180 days and prevent their reuse for a year
- Passwords must contain at least one character from each of the following classes"
- Alphabetic: Upper or lower case (a-z, A-Z)
- Numeric: 0-9
- Special Characters: ! # % & ( ) * @ ^
- Lockout: After multiple consecutive failed login attempts an account will be locked for 5 minutes.
One way to meet the suggested criteria for creating strong passwords is to mix special characters, upper and lowercase letters, and numbers, and associate them with a phrase or song titles. The following example demonstrates how you might do this:
- Choose a Phrase:
Home of the University of Houston Cougars.
- Write down the first character of each word:
(To meet the 8 character minimum, Cougars was hyphenated as "C-s".)
- Substitute special characters and numbers to increase complexity:
Passwords should NOT be:
- based on personal information, such as names of family, dates, addresses, phone numbers, pet names, etc.
- based on work information, such as room numbers, building name, co-worker's name, phone number, etc.
- made up of a word or number patterns like aaabbb, qwerty, zyxwvuts, 123321, abcABC123, etc.
- a word or combination of words found in any dictionary in any language, slang, dialect, jargon, etc.
- based on your username, your real name, handle, nickname, screen name, etc.
The Password Reset web site already adheres to these stronger password requirements.
The purpose of a computer account password is to grant access to the account owner and restrict it from others. As a security measure, computer account passwords expire on a regular basis and must be changed. It is the responsibility of the account owner to make the password something that is easy to remember but difficult for someone else to guess. UIT recommends you change your passwords every month.
Lost or forgotten passwords can be reset online by the owner of the computer account. The computer account owner can request a password reset online or by contacting the IT Support Center at 713-743-1411 or Livechat. Account ownership will be verified using your Cougar Card and other demographic credentials.
Recommended IT Best Practices
Password Use and Computer Account Security
If you use a computer system at UH, University Information Technology (UIT) recommends you change your password every month. Since potential computer hackers use a variety of methods to obtain passwords, customers who change their passwords regularly will decrease the likelihood of an unauthorized person accessing their accounts.
Passwords may be obtained through a number of ways. The most common methods involve using familiarity with the person to guess their password, checking near a computer for written passwords, or by simply overhearing or being told the account owner's password.
In addition to regularly changing their passwords, IT customers should do the following to ensure their passwords are secure:
- Do not choose passwords which may be easily guessed or obtained from another source, such as the name of anyone closely associated with the account owner (including pets), phone numbers, project or class assignment names, or any easily associated word.
- Choose a password that is at least eight characters long. The longer the password, the harder it is for hackers to crack.
- The most effective passwords use random characters, but are easy to recall. For example, passwords that mix words with numbers (drive55) or contain more than one word (callyourmom) are harder for hackers to find by a dictionary or spell checker.
- Change passwords often. IT recommends customers change their passwords at least once a month to discourage hackers. Remember, an expert hacker may eventually discover your password given enough time to work on it.
- If you have reason to believe your account has been tampered with, change your password immediately and contact IT Security at 832-842-4695 or email@example.com.
- Never share a password with anyone, and avoid writing passwords down. Account owners are personally responsible for their accounts and will be held liable for any misuse. Passwords do not appear on the screen when you type them.
Customers who need assistance with their passwords should contact their local support providers, or the UIT Support Center at 713-743-1411 or Live Chat.