Choosing a strong password not only protects your own data, but also protects others who use the department's systems. If your account is compromised, your data will be compromised, but it could also lead to a larger problem on the system as a whole.
General password tips
- Use a password manager (see below)
- Use two-factor authentication, if possible
- Use secure passwords (see below)
- Change your password often (see below)
- Never give your password to anyone (not even the EECS IT Staff)
- Do not use the same password on all systems (i.e., other schools, websites, computers)
- Never use the following as part of your password:
- Dictionary words
- Any part of your name
- Pet's names
- Any information others can look up about you
As people have more and more online accounts, keeping up with good practices like having a different password for every site or organization can become difficult or impossible. Thus for anyone now, a password manager should probably be a standard tool to use.
Some of the password managers out there include LastPass, SplashID, etc. Many of them have free versions (with limited features) that may be sufficient for your usage.
How often you should change your password
The University recommends that you change your password every 180 days. (See the University of Tennessee's password page.)
Choosing Good Passwords
Using a password manager, you should be able to create completely random passwords. Yet with a password manager, you may still have to remember a few passwords. Here are some techniques to help you do so.
Choosing characters at random can make a very strong password; however, such as password is likely to be forgotten. The best way to make a secure, seemingly-random password is to use a mnemonic. This can be done by choosing a saying, song lyric, or poem verse and use the first letter of each word as one part of the password. For example, "Blue canary in the outlet by the light switch" (TMBG - Birdhouse in Your Soul) could be written as:
Using a little bit of clever replacement, this password can become:
(Note: Now that this password is posted online it should never be used.)
When you are typing your password, just think about the song and you can recall all of the letters or replacements. In short time, you will become accustomed to the password and will have little trouble remembering it.
If passwords are over 20 characters in length (i.e., passphrases), the restrictions can be relaxed. Thus you can use an English-language sentence such as:
Yikes! I'm writing a passphrase to log in.
EECS Passwords Linked to NetID
On May 5, 2014 at noon, all EECS accounts will begin using NetID passwords rather than separate EECS passwords. This has been the department policy for new accounts for over a year, but will now apply to older accounts as well. Please see the frequently asked questions below for more information.
- How do I change my EECS password?
Since your EECS password is now directly linked to your NetID password, please follow the normal NetID password procedures. Please see the OIT Directory Services NetID password page for more information.
- I forgot my EECS password, what do I do?
Your EECS account now uses your NetID password. Please contact the OIT Help Desk for assistance in resetting your NetID password. If you enabled online reset of your password, you can also use the OIT Directory Services NetID password page. The EECS IT Staff cannot help you with resetting your NetID password.
- My EECS user name and NetID user name do not match, which do I use?
You will continue to use your EECS user name to log into EECS systems as before, only your password will be that of your NetID. For example, if your EECS user name is "jsmith" and your NetID user name is "jsmit123", you will continue to log into EECS Linux systems with the user name "jsmith" but use the same password as you're now using for "jsmit123".
- I want my EECS user name and NetID user name to match, what do I do?
The EECS IT Staff can change your EECS user name to match your NetID user name. This means that you will no longer use your old EECS user name but your NetID user name in all situations. Please see Ways To Get Help on how to contact the EECS IT Staff. Similarly, you may request that your NetID user name be changed to match your EECS user name. However, this is only possible if that name is available (not assigned to another user) and has never been used as a NetID before. Please contact the OIT Help Desk for more information.
- Can I continue to receive email at my old EECS user name if I change it?
Faculty Only: If you request to have your EECS user name changed to match your NetID user name, please let us know that you wish to continue using your existing eecs.utk.edu email address.
- If I change my EECS user name, will my personal website URL change?
Yes, if your EECS user name changes from "jsmith" to "jsmit123" your personal EECS website will change to http://web.eecs.utk.edu/~jsmit123
Faculty Only: The EECS IT staff can create a server-level redirect from your old URLs (e.g. ~jsmith/foo.html) to your new URL (~jsmit123/foo.html). Please let us know if you want us to put this in place.