NetID Password Standard
Georgetown University is committed to protecting the confidentiality, integrity and availability of its data and that of its community members. To achieve these goals, University Information Services is constantly working to incorporate security controls necessary to address the ever-changing cyber threat landscape. Phishing for personal data and account hacking are the two leading threats to all of our data. Consequently, UIS has updated the security standard for Georgetown NetID passwords. Each NetID account holder is required to adhere to the guidelines and procedures associated with this standard in order to continue to access University technology systems and resources.
1. Password Length
According to the Center for Internet Security (CIS), length is the most important aspect of a good password. Passwords that are longer in length are statistically harder to guess than those with 8 or fewer characters. Sophisticated hacking tools can crack a short password in fewer than 3 microseconds. As part of Georgetown’s ongoing effort to protect the University’s members and its data, UIS is requiring the use of multi-word passphrases rather than passwords.
2. Password Creation
Studies indicate that when users create passwords with words they are familiar with, they tend to be more easily cracked by hackers.
Randomly-generated word groups or phrases are more resistant to cracking tools and information mining. According to LastPass, Over 80% of hacking-related breaches are due to weak or stolen passwords.
So creating a truly random combination of words and symbols to form an unpredictable string that cannot be easily associated with the user is the best method of generating a strong passphrase.
As of December 2020, the Georgetown password management system has been updated with new requirements:
- NetID passwords will be required to contain more than eight (8) characters
- NetID passwords will be generated randomly by the Password Station password generator tool
Read more about the importance of using multiple random words here in this article from the National Cyber Security Centre
For questions or assistance, contact firstname.lastname@example.org.
updated June 2022