An Easy Recipe for a Compliant Password
1. Take two common words that have a combined total of at least seven characters; e.g., 'hours' and 'tree.'
2. Add a number, and use as your password; e.g., '9hourstree,' 'hours9tree,' or 'treehours9.'
NOTE that you can't use common words that form a natural compound, such as 'yard' and 'arm.'
In addition to being between eight and 32 characters, a valid Amherst password must obey the following rules:
- Include at least two of the following four types of characters:
- lower case alphabetic (a to z)
- upper case alphabetic (A to Z)
- numeric (0 to 9)
- special ( !@#$%^&*() )
- When stripped of any beginning and/or ending numerals and special characters, the remaining letters must not be a common password (e.g., 111111 or qwerty) or an English, French, Spanish, or German word.
- For example, 1%bonjour6 fails because, once you strip off the leading and trailing special characters and numerals, what you have left--bonjour--is a word you find in a French dictionary.
- Note that bon4jour is a legal password because numerals and special characters are only stripped from the beginning and end of the proposed password. bon4jour isn't found in any dictionary.
- You can’t reuse any of your previous ten passwords
- Ten minutes must have elapsed since you last changed your password.
PASSWORD LOCKOUT POLICY
If 20 failed attempts to log in to any user account occur within a ten-minute period, that account will be blocked from all College supported electronic resources for the next ten minutes so that IT can verify that no one is trying to gain unauthorized access to our network.