Passwords

If you ever suspect that your account has been compromised, immediately do the following:

There are several systems at UALR that require a username and password before logging in, including

You may set or reset the passwords for your NetID, FACSTAFF, STUDENTS, Email, or Banner accounts in BOSS.

Setting strong passwords

State law requires UALR to have a password policy for all “mission critical” systems. This currently includes Active Directory (Windows domains such as FACSTAFF and STUDENTS) as well as the Banner system. The minimum password rules for mission critical systems are:

  • Passwords must be changed every 90 days.
  • Passwords may not be reused within six password changes from the last time you used it.
  • Passwords must have at least 8 characters consisting of at least one alphabetic character and at least one numeric or punctuation character.

In addition, we suggest the following best practices for setting strong passwords.

  • Use a password with a mix of letters, numbers, and symbols. And a longer password is better (at least 12-14 characters).

    Using numbers, symbols and mixed-case letters in your password increases the difficulty of guessing or cracking your password. For example, there are more than 6 quadrillion possible variations for an eight-character password with numbers, symbols, and mixed-case letters — 30,000 times more variations than an eight-character password with only lowercase letters.

  • Avoid passwords with simple words or any variation of your username or personal information that may be public (e.g., your name, your birth date, social security number, etc.).
  • Avoid passwords with easily guessed “likes” or “dislikes” (e.g., RedSox, hunting4deer, etc).
  • Consider using a different password for each website you log into.
  • Change your passwords regularly.
  • Do not share your password with anyone.
  • If you store passwords on a mobile device such as your phone, make sure your phone can be locked behind a PIN or master password.

Storing passwords in a web browser

All modern web browsers offer you the option to store a password in their password databases after you log into a website. While this is highly convenient, it could mean that anyone that has access to your computer or mobile device can log into websites without you present.

We recommend that before you save any passwords in a web browser, you first set a master password that will be required before the browser will be able to retrieve any stored passwords. At this time, the only browser with this functionality built-in is Mozilla Firefox. Other browsers require add-ons or extensions to protect stored passwords with a master password.

If you store your passwords in your web browser without using a master password, please make sure your computer or mobile device is set to lock itself when you are away (either with a password-protected screen saver or a PIN code).

And of course, never save a password on a computer you do not own or manage.

Password management software

To be able to follow all of these best practices without being overwhelmed, we recommend the use of a password manager (or password vault) to store your passwords. Password managers will store your passwords in a central place behind a single, master password, and can be either part of your web browser or a separate service or software package.

When you need the password, you retrieve it from the manager tool; otherwise, the password remains locked away. Other common features of a password manager:

  • A random password generator can create passwords as complex as you prefer.
  • Cloud storage means you can access your password vault from anywhere, as long as you remember your master password.
  • Automated log-in integrated with your browser will allow your password manager to handle the log-in process for you, keeping the entire process protected at all times.

Additional resources