NACS has recently upgraded its password infrastructure to allow for longer passwords. Longer passwords are more secure because it becomes prohibitively difficult to discover a password by computationally grinding through all the possibilities. The “rules” for choosing a good password still stand: use a combination of upper- and lower-case letters, numbers, and punctuation; don’t use recognizable strings (dictionary words, runs of keys as they appear on the keyboard, multiple copies of the same letter) or personal information (name, UCInetID, birthday, employee ID number). A summary of password guidelines can be found at http://www.nacs.uci.edu/ucinetid/password.html
It is also strongly recommended to change your password at least once a year. Long-lived passwords accumulate risk as the number of times and places they are used increases. One of the major risks today’s users are exposed to are so-called “key loggers,” small programs that hide on a computer and watch everything that is typed. Regular security scans (e.g., virus checkers), applying security patches, and caution with regard to opening email attachments or visiting unfamiliar web sites will help protect you from key loggers.
Security may seem inconvenient, and costs the University resources that we’d rather use in other ways, but it is an inescapable part of providing reliable network services, and much cheaper than the loss of valuable research data or identity theft. NACS will continue to watch the security landscape, make necessary advances in network security, and work with users and departments to help protect UCI.