Most of the questions we receive at the IT Help Desk are regarding passwords. Passwords may seem like a nuisance at times, but they are essential to our security. Below are some answers to common questions.

How long should my password be?

Long passwords take more time to crack, so the longer your password is, the better. Your Windows password can be a maximum of 32 characters. Get as close to that maximum as you can. The minimum length is eight characters. See City Point* for rules on length for other applications like Kronos and the Mainframe.

What should my password contain?

Requirements for passwords vary based on the application you’re using. But you should make sure your password contains at least one of each character type:

• At least one uppercase letter
• At least one lowercase letter
• At least one number
• At least one symbol (example: !, &, $, #, or %)

I keep forgetting my password. How do I create a strong password I’ll remember?

Padding, Passphrases, and the First Letter Formula are all techniques you can use to create user-friendly passwords that balance security with memorability.

Padding:
Take a short, simple password and make it longer by padding it with symbols.
Example: 2217Geo becomes **2217>>Geo**

Passphrase:
Invent a short, nonsense phrase like mermaids eat chicken on Tuesdays. Then apply complexity (add capitals, symbols, numbers) in a creative pattern that makes sense to you.
Example: merm8ds-EAT-chicken-ON-2sdays

First Letter Formula:
Choose a longer, impersonal phrase that’s easy for you to remember. Use the first letter from each word and then add capitals, symbols and numbers.
Example: Captain Jack Sparrow: Why is the rum always gone? becomes CJS:*Witrag?*

Make sure your password is not on the list of common passwords or in the dictionary, and don’t use personal information like names, places, or dates. For more about strong passwords, see City Point.

Why do I have to keep changing my password?

We change our passwords periodically to limit how long a stolen password may be useful. An attacker who has cracked your password may sit by passively and watch everything you're doing. When you change your password, you close the door on that attacker.

I know I'm entering the correct password, but I still can't login. Why?

You may have forgotten to change your password before its expiration date.

You will get a warning to change your password a few days before it expires. If you do not change your password in time, you will be locked out. To avoid this, change your password as soon as the notice pops up.

You may have forgotten to change your password on your mobile device.

Your mobile device may be set up to automatically login to the network and check your email at intervals. If you've just changed your password, and you forgot to change it on your mobile device, you may be locked out due to too many failed login attempts on your mobile device. To avoid this, change your password on your mobile device at the same time you change it on your computer.

I'm trying to create a new password and it's not working. Why?

Make sure your password conforms to the password rules for your application. For example, with Windows, you can't reuse any of the last ten passwords you've used. You also can't have more than three letters in your password that are also in your username. The specific rules for your application are available at City Point.*