As technology evolves, it has never been so important to have a strong, secure password. Active students, faculty, and staff can change their passwords both on and off campus using the Password Reset Tool. Passwords are required to be reset yearly. In other words, your password will expire one year from the day that it was last changed. Texas Wesleyan has a policy in place to help you understand the best practices for password strength.

Users must have passwords that are difficult to guess. This means that passwords should not be related to a user’s job or personal life. For example, a car license plate number, a spouse’s name or fragments of an address should not be used.

This also means passwords should not be a word found in the dictionary or some other part of speech. For example, proper names, places, technical terms and slang should not be used.

The requirements for creating passwords means that users must create a password that is at least eight characters long, contains at least one uppercase letter and one number or special character. 
Users can choose easily remembered passwords that are difficult for unauthorized parties to guess if they:

• String together several words into a pass phrase.
• Shift a word up, down, left or right one row on the keyboard.
• Bump characters in a word a certain number of letters up or down the alphabet.
• Transform a regular word according to a specific method, such as making every other letter a number reflecting its position in the word.
• Combine punctuation or numbers with a regular word.
• Create acronyms from words in a song, a poem, or another known sequence of words.
• Deliberately misspell a word.
• Combine a number of personal facts like birth dates and favorite colors.

When a password change is required, users should create a new password that is not identical to the last two passwords previously employed.

Passwords may not be stored in readable form in batch files, automatic logon scripts, software macros, terminal function keys, in data communications software, in Web browsers, on hard drives or in other locations where unauthorized persons might discover them.

Passwords may not be written down and left in a place where unauthorized persons might discover them. Aside from initial password assignment and password-reset situations, if there is reason to believe that a password has been disclosed to someone other than the authorized user, the password should be changed immediately.

Passwords may never be shared or revealed to anyone else besides the authorized user. If users need to share computer resident data, they should use electronic mail, local area network servers, and other secure mechanisms.

This policy does not prevent the use of default passwords, typically used for new user ID assignment or password reset situations, which are then immediately changed when the user next logs onto the involved system. All passwords must be immediately changed if they are suspected of being disclosed or known to have been disclosed to anyone other than the authorized user.

Want to know more? Review the complete Network Protection and Information Security Policy.

For questions or concerns, please contact:

Service Desk
817-531-4428
servicedesk@txwes.edu