Penn Computing



Sunday, December 17, 2017


PennKey Password Rules

Passwords must be:
  • At least 8 characters.
Passwords must NOT be:
  • All uppercase or all lowercase. (Examples: ivyleague, IVYLEAGUE, and jklasdf are not valid passwords.)
  • Your PennKey username; your first, middle, or last name; or any variation thereof.
  • Based on a dictionary word.
    • "Dictionary" does not simply mean a standard English language dictionary — it also includes foreign language dictionaries and all kinds of specialized dictionaries that hackers use to crack passwords.
    • Embedding a number or case-shift within a word does not make a valid password. Systematic password guessing attacks are sophisticated and will routinely 'crack' such passwords. (Examples: time2go, big$deal, ivyLeague, 2morrow, money$, and Ivyleague are not valid passwords.)
  • Composed of all numbers. Embedding decimal points, minus signs, or plus signs within a number does not make a valid password. (Example: 1-609-555-1212 is not a valid password.)

Selecting a Strong Password

  1. Think of a phrase that has special meaning only to you or, conversely, one that no one would suspect has any meaning to you. It can even be nonsensical, such as:
    Orange elephants invade Alaska; film at eleven!
  2. Take the first letter of each word (maintaining case) to "assemble" your password, and include punctuation:

This is a pretty strong password, and not hard to remember if you keep the source phrase in mind. You can make it even stronger by "tweaking" it a little by use of substitution:


Of course, since that password is published here, don't use it as your password! For additional guidance, see Managing Passwords and Passphrases.
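The rules listed above and the phrase method can be checked together in code. The following is an added example, not Penn's own validator: the sample wordlist, the account details, and the reading of "all uppercase or all lowercase" and of name "variation" are assumptions, marked in the comments.

```python
import re

# Constructed stand-in wordlist. A real check would load general, foreign-language
# and specialized cracking dictionaries, as the rules describe.
SAMPLE_WORDS = {"ivyleague", "time", "go", "big", "deal", "morrow", "money"}

def _letters(s):
    """Lowercase the string and keep only a-z."""
    return re.sub(r"[^a-z]", "", s.casefold())

def violations(password, username, names, words=SAMPLE_WORDS):
    """Return the rules from the list above that the password breaks."""
    broken = []
    if len(password) < 8:
        broken.append("shorter than 8 characters")
    # Assumption: "all uppercase or all lowercase" means letters only in one
    # case, matching the page's examples (ivyleague, IVYLEAGUE, jklasdf).
    if password.isalpha() and (password.islower() or password.isupper()):
        broken.append("all uppercase or all lowercase")
    # Assumption: a "variation" is the name with case changed, non-letters
    # added, or reversed. The page does not define the term.
    core = _letters(password)
    ids = {_letters(n) for n in (username, *names) if len(_letters(n)) > 1}
    if core in ids or core[::-1] in ids:
        broken.append("username or name variation")
    # Dictionary rule: drop embedded digits/symbols and case shifts, then test
    # the joined letters and the letter runs between the embedded characters.
    runs = [r for r in re.split(r"[^a-z]+", password.casefold()) if r]
    if runs and (core in words or all(r in words for r in runs)):
        broken.append("based on a dictionary word")
    # Digits with optional decimal points, minus signs or plus signs.
    if re.fullmatch(r"[0-9.+-]+", password) and re.search(r"[0-9]", password):
        broken.append("composed of all numbers")
    return broken

def phrase_to_password(phrase):
    """Keep the first character of each word, with case and punctuation."""
    initials = re.sub(r"(\w)\w*", r"\1", phrase)
    return re.sub(r"\s+", "", initials)

if __name__ == "__main__":
    # Constructed account details for the demonstration.
    user, names = "jdoe", ["Jane", "Q", "Doe"]
    for pw in ["time2go", "big$deal", "ivyLeague", "1-609-555-1212", "eoD.2014!"]:
        print(pw, "->", violations(pw, user, names))
    pw = phrase_to_password("Orange elephants invade Alaska; film at eleven!")
    print("phrase-derived ->", violations(pw, user, names) or "passes every rule")
```

The dictionary check is only as good as the wordlist it is given; the seven-word set here exists so the page's own invalid examples can be run through it.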

Last updated: Thursday, June 12, 2014


Information Systems and Computing
University of Pennsylvania