Password Best Practices

Passwords are an essential aspect of the security of the Colleges’ Electronic Resources and they provide an important first line of protection for the Electronic Resources, Institutional Data, and intellectual property that resides at the Colleges. Having a strong password is one way that each User can contribute to the community’s overall security. Strong passwords help the Colleges prevent unauthorized or inappropriate access to various Electronic Resources like email accounts, online library resources, student information systems, financial records, file repositories, learning management systems, and administrative/transactional systems.

Create a Strong Password

In general, using a mixture of uppercase and lowercase letters, numbers, and symbols will give you a stronger password. Passwords should not contain your username. You can create a longer but still memorable password by combining words or phrases only you know; we recommend 8 characters minimum.

Keep Your Password Secure

After you've created a strong password, continue with the suggestions below to keep it safe:

  • Never share your password with anyone
  • Never save your password if prompted by your browser or any other programs
  • Never send your password in e-mail, even if the request looks official; such requests are most likely phishing attempts.

Change Your Password Regularly

Many articles regarding password security cite studies which show that changing your password every 30, 60 or 90 days does not offer the return on the investment of time and resources for most accounts. However, with all the phishing scams out there, often a person doesn’t realize they’ve been compromised until much later. Hackers don’t always act right away on utilizing information they take from these efforts. Changing your password every 365 days or once a year helps to minimize the scale at which these hackers can compromise an individual’s resources, which in many cases are also institutional resources.

As stated in the Password Policy, passwords will automatically expire after 365 days and must be changed. All users will be notified well in advance of their password expiring so that they may reset them without interruption in access to the Colleges’ network. All community members can manage their password at https://myaccount.hws.edu.

Need additional help? Contact the HWS IT Services Help Desk.