Password Security

Selecting Your Password

When creating your new UMass Chan Medical School password, remember that you will be required to adhere to the University’s standards for strong passwords as dictated by the Password Policy. Passwords must be 8-14 characters long and contain three of the following four character types:

  • Lower case characters
  • Upper case characters
  • Special characters
  • Numbers

Additionally, your password cannot contain part of your name or be any of the previous 10 passwords.

Passwords should never be shared with another user.

Create a password that is easy to remember but hard to guess. Try using passphrases as opposed to dictionary terms. For example: “ILove@pplePie!” contains all necessary character elements. You’ll find passphrases much easier to remember!

(Do not use this example – now that it’s posted on the Internet, you can bet thieves will try to use it to access a UMassMed account!)

Did you know?

The 25 most common (and insecure) passwords of 2017 are listed below. If your password resembles any of these, it should be changed.

1. 123456
2. password
3. 12345678
4. qwerty
5. 12345
6. 123456789
7. letmein
8. 1234567
9. football
10. iloveyou
11. admin
12. welcome
13. monkey
14. login
15. abc123
16. starwars
17. 123123
18. dragon
19. passw0rd
20. master
21. hello
22. freedom
23. whatever
24. qazwsx
25. trustno1
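
The password rules under "Selecting Your Password" and the list above can be checked mechanically. The Python below is an added example, not UMass Chan's own code. It assumes that "special characters" means ASCII punctuation, that "part of your name" means any name token of three or more characters, and that a password "resembles" a listed one when that entry still appears inside it after look-alike substitutions are undone.

```python
import string

# The 25 common passwords listed on this page.
COMMON = {
    "123456", "password", "12345678", "qwerty", "12345", "123456789",
    "letmein", "1234567", "football", "iloveyou", "admin", "welcome",
    "monkey", "login", "abc123", "starwars", "123123", "dragon",
    "passw0rd", "master", "hello", "freedom", "whatever", "qazwsx",
    "trustno1",
}
# Assumption: look-alike substitutions (@ for a, 0 for o, ...) are undone first.
LEET = str.maketrans("@4301$5!7", "aaeoissit")


def normalise(text):
    """Lower-case the text and undo look-alike substitutions."""
    return text.lower().translate(LEET)


NORMALISED_COMMON = {normalise(word) for word in COMMON}


def char_classes(pw):
    """Count which of the four character types occur in pw."""
    return sum([
        any(c.islower() for c in pw),
        any(c.isupper() for c in pw),
        any(c.isdigit() for c in pw),
        any(c in string.punctuation for c in pw),  # assumed "special" set
    ])


def check_password(pw, full_name, previous=()):
    """Return the list of rules pw breaks; an empty list means it passes."""
    problems = []
    if not 8 <= len(pw) <= 14:
        problems.append("length")
    if char_classes(pw) < 3:
        problems.append("character types")
    # Assumption: "part of your name" = any name token of 3+ characters.
    if any(len(t) >= 3 and t.lower() in pw.lower() for t in full_name.split()):
        problems.append("contains name")
    # Plain strings for illustration; a real system compares stored hashes.
    if pw in list(previous)[-10:]:
        problems.append("reused")
    # Assumption: "resembles" = a listed password survives inside pw.
    if any(word in normalise(pw) for word in NORMALISED_COMMON):
        problems.append("resembles common password")
    return problems
```

A password such as Passw0rd1! meets the length and character-type rules but is still rejected here, because it reduces to entry 2 of the list.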

 

Tips to create a strong password:

  • The longer, the better. The more characters, the harder it is to guess.
  • Take out all the vowels from a short phrase in order to create a "word".
    Example: thprkshg ("the park is huge")
  • Use an acronym: select the first or second letter of each word in your favorite quotation.
    Example: ismcwLaH (‘I serve my country with Love and Honor’)
  • Combine letters and non-letters in your passwords. (Non-letters include numbers and all punctuation characters on the keyboard.)
  • Transform a phrase by using numbers or punctuation.
    Examples: hGd9te (have a good night), UR1drful (you are wonderful)
  • Avoid choosing a password that spells a word. But, if you must, then:
      o Insert "silent" characters into the word. Example: fl12ower!
      o Deliberately misspell a word or phrase. Example: choklutt, Kumputer
      o Choose a word that is not composed of smaller words.
  • Add random capitalization to your passwords. Capitalize any but the first letter. Example: raInbOw3!
  • Use a mix of alphabetical, numeric and symbolic characters.
    Example: eIeIoH!, hd3g1!8g
  • Consider using long word and number combinations. For example, take four words and put some numbers between them: stiff3open92research12closer
  • Use an acronym for your favorite saying, or a song you like.
    Example: GykoR-77 (Get your kicks on Route 77) or TGIF! (Thank God it's Friday)
  • Use an easily pronounced nonsense word with some non-letters inside.
    Example: gaRuu!4
  • Reset your password at least once a year. Better yet, change your password every few months to shrink your exposure window. You can make three or four passwords if you like, then switch them throughout the year.
  • Avoid using the same password on multiple accounts. When one site is compromised, hackers try to use those passwords to access accounts on other sites. Don't let one break-in give hackers access to all your accounts.
  • Avoid using names and phrases that are popular in your community. Example: “Patriots” or “RedSox” if you are in MA.