Search Google Appliance

Information Technology

Account Password Rules

Strong passwords protect your computer and personal information. Hackers often use ‘dictionary attacks’ to break passwords, trying every possible combination of characters.

Use these pages to learn how to create strong passwords you can also remember. Check our Safe Password Tips for more information about maintaining your password.

UMass Amherst IT Account Password Requirements

The following rules are required for your IT Account password. You can also use them for other passwords.

IT Account passwords:

  • Must be between 10 and 16 characters.
  • Must contain characters from 3 of the following 4 categories:
  1. Uppercase characters (A - Z)
  2. Lowercase characters (a - z)
  3. Digits (0 - 9)
  4. Special characters (limited to the following):
    ! " # $ % & ' ( ) * + , - . / : ; < = > ? @ [ \ ] ^ _ ` { | } ~
  5. Must not be on our list of insecure passwords.
  •  Cannot contain your NetID or your NetID backwards (e.g., if your NetID is jdoe, then your password cannot be 4xP/eodj/876).
  • Do not use any of your previous 5 passwords.

Strategies for Remembering Passwords

Complex passwords are notoriously difficult to remember. We recommend that you develop your own system for tracking passwords.

Create a Password Reminder in SPIRE

For your IT Account password, store a word or phrase in SPIRE to help jog your memory in case you forget it:

  1.  Log on to SPIRE with your NetID and password.
  2.  In the SPIRE navigation, go to My SPIRE > Change My Password. To set your reminder, you will need to change your password first.

Use Themes & Rules

Choose a theme for all your passwords (e.g., your passwords are always based on your favorite songs or movies). Decide on a few rules that you'll use to construct your passwords. For example:

  1.  Select a song: Rome wasn't built in a day by Morcheeba.
    Theme: music. Rule: Use song name and artist.
  2.  Condense into a string of letters: rwbinadbm
    Rule: Use the first letter of each word
  3.  3. Add complexity: RwBi@dBm*00
    Rules: The first and third letters are always capitalized. 'a' is always replaced by '@", the password always ends with a symbol and two digits.

Note: Please do not use this example. Hackers often try passwords available in reference materials.

Use Password Storage Software

Password managers such as KeePass, SplashID, 1Password or the Keychain feature for Mac OS X provide a central, secure location for all your passwords. Be careful, if you forget the master password or your computer breaks down, you will not be able to recover your passwords.

Note: UMass Amherst IT does not offer direct support for password storage software at this time.