Strong passwords

The UCAS authentication system, which was used to access some internal UCAR systems, was decommissioned on March 16, 2020. Services other than HPSS that required UCAS authentication were switched over to require CIT authentication. UCAS-related information was removed from this web page. This change did not affect users who access HPSS from the Cheyenne or Casper clusters or from the data-access nodes.

A strong password is the first line of defense for an individual computer user's account. This document provides the information you need to help keep your account and NCAR computers secure.

Good passwords should:

  • Be memorized
  • Be at least nine (9) characters long (longer is stronger)
  • Contain both upper-case and lower-case characters
  • Contain numbers
  • Contain other keyboard characters such as !, *, and @.

Good passwords do not contain:

  • A dictionary word in any language
  • Personally identifiable information such as a name, a login name, part of an email address, a phone number, a date of birth, a license plate, a Social Security number, or similar data
  • Any of the above spelled backwards
  • Any of the above with numbers exchanged for letters or vice versa
  • Any of the above with numbers or special characters appended or prepended

For example, the following are equally ineffective:

  • hello
  • 43110
  • HeLlO
  • olleh
  • hello!
  • ?hello?

Hackers are well aware of all these tricks and can easily break such passwords.

You can create a strong, memorable password – or passphrase – by building a phrase or sentence that is known only to you. Use multiple words, both upper- and lower-case letters, numbers, and symbols. Longer is stronger. Many people find it easier to remember shocking nonsense phrases that they would never say aloud than to remember shorter acronyms.

Here are two non-shocking examples:

!D0lLaRb1ls*
!D0llarbi11sinmywa11et!

Note 1: Since the passwords shown here are in a public document, do not use them for your personal password.

Note 2: We avoided blanks and single quotes in the above passphrases because those two characters cause problems on some systems.

Keep your passphrase private. Do not share it with anyone. Do not write it down where it can be found by others or identified as your UCAR passphrase. If you find it absolutely necessary to write something down, do not write the phrase itself, but rather a hint that will remind only you of the passphrase. Do this on a card with no other information about where it applies in case the card is stolen.

Keep it safe. Good places are in a wallet or fireproof home safe.