Passwords: Familiar Backward Mode

The UF has a "strong" password standard that requires a minimum number of characters, 3 of the 4 kinds of characters on standard micro keyboards, scheduled changes, no words that appear in the dictionary, no reuse, and so on.   The requirements also vary by authorization level, as described in (2) directly below. All users of UF IT systems should be familiar with the standards and specifications at the following UF IT sites:

   (1) www.it.ufl.edu/policies/information-security-and-compliance/authentication-management-policy
   (2) www.it.ufl.edu/policies/information-security-and-compliance/authentication-management-standard
   (3) www.it.ufl.edu/policies/information-security-and-compliance/password-complexity-standard

The password complexity standard set July 15, 2013 includes 33 special characters:

Allowable Special Characters (as of 15JUL13), Numbered Characters, & Alphas:

    ~ ! @ # $ % ^ & * ( ) _ + | - = \ { } [ ] : " ; ' < > ? , . /
    1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31
    - - - - - - - - - - - - - - - - -

    a b c d e f g h i j k l m n o p q r s t u v w x y z
    z y x w v u t s r q p o n m l k j i h g f e d c b a

The space bar is also allowed as a special character as noted in (3) above. Excluded is the left-slanting accent key directly above the Tab key.  The prior UF set included 17; they have a dash "-" under their corresponding number above.

The standard is very explicit on what cannot be the case, but does not suggest what can be the case.   It is very similar to other published standards in this respect.   You may wish to use the following mode for setting a password you can easily remember.   It has been in use and recommended for years: the familiar backward mode.

  1. Pick a familiar, but not personal, name for a person, item, pet, etc., that you can easily remember, e.g., Mike your first school roommate, a cedar tree in a park, Rex a neighbor's dog.

  2. Decide what you want to call the type or thing, e.g., roomie, plant, canine.

  3. Establish the age designation of it, e.g., Mike was born in 1946 = 46, the tree was first seen in 2001 = 01, Rex is 5 years old = 05.

  4. Establish the number of times alphabetically your current familiar backward set has been used, e.g., the first is z, the second is y, the third is x, etc., following the backward-corresponding alphabet letters in the two Alpha lines above.

  5. Employ the backward rule for the password, i.e., the name backward, use-times alpha designation, the type backward, and the age designation backward. Start with a capital.

    Ekimzeimoor64      Radecztnalp10      Xerzeninac59     

  6. Add one (or more) acceptable special character(s) so the total number of all characters is 9 or more.   Examples:

    • Ekimzeimoor!64 (Ekim = Mike, z, eimoor = roomie, !, 64 = 46)
    • Radecztnalp10#
    • *Xereninacz59

    Place the age designation special character in any position you prefer so you can easily remember your password.   Note that the left-slant accent mark cannot be used.   The accepted special characters could change in the future.  The age designation could also be numbers from 01 thru 99, for example, and placed in any location that is easy for you to remember.

  7. The above 3 examples meet the UF standards above.   Note that Rex has the type canine not dog because dog backward is a word in the dictionary.  Do NOT use any example used here.   The standard in (3) includes policy levels (P1-P5).   The "Minimum entropy bits" requirement, 31.5 at most, can be measured by a "password entropy bits calculator" found via a search engine. The one at blog.shay.co/password-entropy gives the following entropy-bit results:

    Ekimzeimoor!64    88.25
    Radecztnalp10#    89.01
    *Xereninacz59     82.19

    You can enter the blog.shay.co link above for password entropy and get scores for your current passwords.

  8. The above mode assumes a minimum of one character must be changed when the time comes for a required change.  The above examples would be as follows after the first change.   As of this version, one change is necessary and sufficient to change a password that meets the UF standards.

    Ekimyeimoor#64      Radecytnalp10$      (Xereninacy59     

  9. You will find it easy to create a name-type-number, type-name-number, name-number-type, and so on sequence you can easily remember.   It is also easy to enter the items backwards on your keyboard after 5 or 6 entries, though you will likely find it clumsy to type initially.   Again, use familiar, not personal, sets to decrease the probability your password can be hacked by someone who knows personal information about you, such as your spouse's name, a child's name or your various addresses.

  10. Do NOT write down your password.   A purpose of this mode is to eliminate the need to do so.   Writing down passwords is a very common, albeit bad, security practice.   A Google search 05NOV13 on the exact word string, "have written down their password", gave a link to passwordresearch.com reporting a number of bad practices including (a) 64 percent of end users report writing down their password, (b) 70 percent do not use unique passwords for each site, and (c) 33 percent shared their password in the last month (http://passwordresearch.com/stats/statindex.html).

  11. Do NOT tell anyone you are employing this modality.   Hackers' work is made easier with knowledge of patterns or modes used to create passwords.   There are a number of free password generators available on the Web. A Google search on the word string, "free password generator", gave 1.12 million(!) sites.    

  12. You can use a small, easy-to-use and free utility to store userIDs, passwords, hints, and site URLs on PCs: it encrypts the user's file and requires an encrypted password to open it. You can get it here: plaza.ufl.edu/dicke/cnso/pswdprom.zip. Created in 1999, it was updated in 2000 and works in Win XP, 7, and 8.   After unzipping pswdprom.zip's files into a subdirectory, run passprom.exe.  The first time you do so, you will be prompted to enter the password you will use to enter it.   That first execution will also build an encrypted file named ppinfo.dat: it will contain your selections for each userID, password, and related information for each site.   Create a desktop shortcut for passprom.exe for easy, quick access.

    When opened, a list of the named sites is shown.   Click on one to get a window of that site's entries; you can click on the icon to the right of the URL entered for that userID and password to open the URL site.   Then, the userID and password can be individually copied and pasted into the respective fields of the opened site.   An updated copy of ppinfo.dat can be kept on all your micros so you have uniform userID/password security.

  13. On 9/10/05 Dilbert gave the world a humorous view of how many consider very strict password policies. The boss known by his pointy hair finished with, "... and starting today, all passwords must contain letters, numbers, doodles, sign language and squirrel noises."
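
The construction in steps 1-6 and the one-letter change in step 8, written out as an added example that is not part of the original page. The function names, the small word list and the 9-character minimum (taken from step 6) are assumptions, and only the rules quoted on this page are checked.

```python
import string

# Specials listed on the page plus the space bar; the backtick is excluded.
ALLOWED_SPECIALS = set("~!@#$%^&*()_+|-=\\{}[]:\";'<>?,./ ")
# Constructed stand-in for a real dictionary word list (assumption).
SAMPLE_WORDS = {"dog", "god", "live", "evil"}

def use_letter(times_used):
    """Step 4: first set -> 'z', second -> 'y', third -> 'x', ..."""
    if not 1 <= times_used <= 26:
        raise ValueError("times_used must be between 1 and 26")
    return string.ascii_lowercase[26 - times_used]

def familiar_backward(name, kind, age, times_used, special="", at=None):
    """Steps 5-6: name backward, use letter, type backward, age backward."""
    if not 0 <= age <= 99:
        raise ValueError("age designation must be 00-99")
    for part in (name, kind):
        if part[::-1].lower() in SAMPLE_WORDS:  # step 7: 'dog' -> 'god'
            raise ValueError(f"{part!r} backward is a dictionary word")
    pw = (name[::-1] + use_letter(times_used) + kind[::-1]).capitalize()
    pw += f"{age:02d}"[::-1]
    at = len(pw) if at is None else at  # default: append the special
    return pw[:at] + special + pw[at:]

def policy_problems(pw, min_len=9):
    """Check only the rules quoted on this page; returns a list of failures."""
    problems = []
    if len(pw) < min_len:
        problems.append("too short")
    alnum = set(string.ascii_letters + string.digits)
    bad = sorted(set(pw) - alnum - ALLOWED_SPECIALS)
    if bad:
        problems.append("disallowed character(s): " + " ".join(bad))
    kinds = [set(pw) & set(string.ascii_uppercase),
             set(pw) & set(string.ascii_lowercase),
             set(pw) & set(string.digits),
             set(pw) & ALLOWED_SPECIALS]
    if sum(bool(k) for k in kinds) < 3:
        problems.append("fewer than 3 of the 4 character kinds")
    return problems

if __name__ == "__main__":
    for args in [("Mike", "roomie", 46, 1, "!", 11), ("cedar", "plant", 1, 2, "$")]:
        pw = familiar_backward(*args)
        print(pw, policy_problems(pw) or "meets the quoted rules")
```
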
Last Update 05nov13 URL: http://plaza.ufl.edu/dicke/cnso/passwords.htm