Passwords
People often don't spend much time thinking about their passwords, but there are a number of security issues associated with passwords. First we'll talk about your Loyola password, and then we'll move on to talking about more general password issues.
Your Loyola University Chicago password
When your account was created at Loyola University Chicago, you should have received a piece of paper with your universal ID (UVID) and password. The password is generated by an algorithm, so it may not be difficult for someone who knows the algorithm and information about you to determine your initial password. Therefore, you should change your password once you receive it. To emphasize this, your password will be set as "expired". This means that you will only be able to logon to Loyola systems 6 times before you change your password. This includes any Unviersity system, such as Student E-Mail, LOCUS, Blackboard, etc. Each time you provide your password counts as one of your 6 uses. To avoid this, you should change your password once you receive it. To change your password, go to PAM, Loyola's Personal Account Manager. Instructions on using PAM can be found here.
Resetting your Loyola University Chicago password
There are 2 methods available to change your Loyola University Chicago password.
1. If you are off-campus, you can call the ITS Help Desk at 773-508-4 I T S (773-508-4487) from 8:00 AM to 5:00 PM, Monday through Friday. They will ask you a series of questions to confirm your identity, and walk you through using PAM, so the ITS Support Center operator will not know what your password is.
2. If you cannot use any of the above methods, or you have previously configured PAM, then you can you the preferred method of resetting your password, which is PAM. The are a number of reasons why PAM is the preferred method. These include
- It is accessible 24 * 7
- It can be accessed both on-campus and off
- It allows you to resolve any password issue you are having, even forgotten, locked, or expired passwords, as long as you can remember the answers to two questions that you picked
Choosing good passwords>
You will find that you have a large number of passwords for different websites to remember, so it may help to classify the websites based on how bad it would be if someone else found your password to that site. Then make sure to choose strong passwords (described below) for those sites, and try and use strong passwords for the rest. For instance:
| Type of Site | Sensitivity | Type of Password |
|---|---|---|
| Banking sites, student loan sites, primary email address | Extremely sensitive | Very strong password |
| University account | Very sensitive | Strong password |
| Instant messenger, other email accounts | Sensitive | Good password |
| Free sites that require logins but store no personal information (credit cards, addresses, etc) | Less sensitive | OK password |
Good passwords share a number of characteristics. These include:
| Length | A minimum length of 8 characters. The longer the password, the better the password is. |
|---|---|
| Multiple character types | There are 4 character types. These are lower-case alpha (abc), upper-case alpha (ABC), numbers (123), and special (%+>~). The more types of characters in a password, the better the password is. |
| Not a word found in a dictionary | Many programs used to attempt to guess passwords can be configured to use dictionaries to try commonly known words. So using passwords that are found in English dictionaries ("password"), non-English dictionaries ("kennwort" or "contrasena"), or words and acronyms that are commonly known to certain groups ("wysiwyg" or "fubar"). Words in dictionaries are terrible passwords. |
| Unrelated to you | Passwords that relate to you may be guessed by people who know you. Using your mother's maiden name, your pet's name, your license plate number, your hobby, or other easily found information as your password makes for terrible passwords. |
| Not part of your user ID | Using any part of your user ID leads to a bad password. This includes if you modify it in some way, such as turning your user ID around. |
It is also important that you do not use the same password for multiple sites. If you do, and someone learns your password on one site, they will be able to access every site that you used that password on.
Password standards at Loyola
The password standards for your Loyola Universal ID are as follows:
- Minimum length 8 characters
- Must contain at least 2 alphabetical characters (abcABC)
- Must contain at least 2 numerical characters (0123)
- Must be different than your previous 9 passwords
Additionally, access to your account can be locked if certain events occur. These events include:
- Expiration of your password
Your password will expire 180 days after you set it. Once your password has expired, you will need to go to PAM to reset it. If you have never used PAM, you will need to contact the ITS Support Center.
- Login failure lockout
Your account will become locked if you incorrectly enter your password 6 times. Once this has occurred, you will need to wait at least 16 minutes from the last incorrect login attempt for your account to unlock itself. Once your account is unlocked, you can attempt to login again. If you have set up PAM, you can reset your password via PAM which will unlock your account.