D*es yo()r paSSw0rd me3t tHe c@mp1eXi+y T3sT?

ITHACA, N.Y. -- On April 25, Cornell Information Technologies (CIT) rolled out its newest effort to strengthen electronic security by moving to enforce stronger passwords for NetIDs. The NetID and password combination is your private key to a wide range of services -- employee benefits, student grades, e-mail, to name a few -- that are provided by and restricted to the Cornell community.

What this means to current faculty, staff and students is that the next time they change their NetID passwords, they will have to follow new, more stringent rules. New members of the Cornell community will also have to follow these rules when signing on for the first time. Why? Because CIT wants to help them keep their private information as safe as possible.

"Cornell's NetID and password combination controls access to highly confidential data, some of which requires protection mandated by federal legislation," said Tom Parker, project manager of the CIT Identity Management Team. "Thus, it is essential that our passwords be strengthened against currently available methods for cracking passwords.

"In 2002, the university auditor recommended that CIT implement technical measures to ensure that users choose secure NetID passwords. We published guidelines for choosing secure passwords, but until recently, we didn't have the components in place to easily enforce password complexity rules."

All current faculty, staff and students are urged to change their passwords as soon as possible. The new password must be at least 8 characters long (8 to 12 is typical) and must include at least three of the following kinds of characters: uppercase letters, lowercase letters, numbers and symbols found on the keyboard, such as ! * ( ) :| | / ?. Words found in any dictionary or language -- even spelled backward -- must be avoided. Password-cracking programs work by trying every word in the dictionary or by trying random combinations of characters; the more different types of characters used, the more combinations a cracker has to go through.

Don't pick names or nicknames of people, pets, places or personal information that can easily be found out, such as your birthday, address or hobbies. Don't include repeated characters, such as "AAA" or "555"; alphabetic or numeric sequences, such as "abc" or "123"; or common keyboard sequences, such as "qwerty" or "pas." Another tip: Don't bother with simple substitutions, such as replacing the letter O with the number zero, or leaving out all the vowels in a word. Password crackers may check for all of those tricks.

Your password should be easy for you to remember but difficult for anyone else to guess. Instead of a password, think of a passphrase: your favorite line from a song, poem or speech; the punchline of a joke; a bumper sticker or a sports chant. Pick one or two letters or symbols to represent each word, then mix in punctuation and numbers that are meaningful to you. For example, the password "fa18C's68w" mixes the first letters of each word in the song title "Far Above Cayuga's Waters" with the year Cornell opened.
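The rules above (length, three of four character classes, no repeated characters or sequences, no dictionary words even reversed or with simple substitutions) can be expressed as a checker. This is an added example, not CIT's enforcement code; the word list and the substitution map are constructed stand-ins.

```python
"""Password complexity checker modelled on the CIT rules quoted in the article."""
LETTERS = "abcdefghijklmnopqrstuvwxyz"
DIGITS = "0123456789"
KEYBOARD_ROWS = ("qwertyuiop", "asdfghjkl", "zxcvbnm")
# Constructed stand-in for "any dictionary"; a real check would load a full word list.
DICTIONARY = {"password", "cornell", "cayuga", "waters", "welcome", "secret"}
# Assumed map of the "simple substitutions" crackers undo (0 -> o, @ -> a, ...).
UNLEET = str.maketrans("013457@$", "oleastas")
DROP_VOWELS = str.maketrans("", "", "aeiou")


def _class_count(pw: str) -> int:
    """How many of the four classes (upper, lower, digit, symbol) are present."""
    classes = (str.isupper, str.islower, str.isdigit, lambda c: not c.isalnum())
    return sum(any(test(c) for c in pw) for test in classes)


def _has_sequence(pw: str, length: int = 3) -> bool:
    """Alphabetic/numeric runs ('abc', '123') or keyboard runs ('qwerty'), either direction."""
    low = pw.lower()
    sources = [LETTERS, DIGITS, *KEYBOARD_ROWS]
    sources += [s[::-1] for s in sources]
    chunks = [low[i:i + length] for i in range(len(low) - length + 1)]
    return any(chunk in src for chunk in chunks for src in sources)


def _dictionary_word(pw: str) -> bool:
    """Undo substitutions, keep letters only, then look for a word forward or backward,
    including the vowel-stripped form of each word."""
    base = "".join(c for c in pw.lower().translate(UNLEET) if c.isalpha())
    candidates = (base, base[::-1])
    words = DICTIONARY | {w.translate(DROP_VOWELS) for w in DICTIONARY}
    return any(w in cand for w in words for cand in candidates)


def check_password(pw: str) -> list[str]:
    """Return the names of the rules the password fails (empty list means it passes)."""
    failures = []
    if len(pw) < 8:
        failures.append("too short")
    if _class_count(pw) < 3:
        failures.append("fewer than 3 character classes")
    if any(pw[i] == pw[i + 1] == pw[i + 2] for i in range(len(pw) - 2)):
        failures.append("repeated characters")
    if _has_sequence(pw):
        failures.append("sequence")
    if _dictionary_word(pw):
        failures.append("dictionary word")
    return failures


def is_strong(pw: str) -> bool:
    return not check_password(pw)
```

The article's own example "fa18C's68w" passes every rule, while "P@ssw0rd" is caught once the substitutions are undone.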

Think before you start this process, lest you find yourself coping with blank-page syndrome.

Following these guidelines to make your password strong does not make it secure.

"Strong passwords are different from secure passwords," said Stacy Pendell, CIT technical writer. "You can create the strongest password in the world, but if you put it on your computer monitor with a sticky note, your computer is still not safe."

Secure passwords are not written down, not shared with anyone and not stored on your computer in unencrypted form. CIT also recommends that your NetID password be reserved for that use alone and not used for other services, such as bank accounts, Amazon, eBay or your local file server.

To change your password or to learn more about strong, secure passwords, visit http://www.cit.cornell.edu/services/identity/password.html.
