Passwords must contain:
- a minimum of 1 lower case letter [a-z] and
- a minimum of 1 upper case letter [A-Z] and
- a minimum of 1 numeric character [0-9] and
- a minimum of 1 special character: ~`!@#$%^&*()-_+={}[]|\;:"<>,./?
- at least 1 upper case, numeric, and special character must be EMBEDDED somewhere in the middle of the password, and not just be the first or the last character of the password string.
- Passwords must be at least 10 characters in length, but can be much longer.
Passphrases are longer versions of passwords that may be easier to remember and harder to guess. If you opt to use a passphrase, some of the complexity requirements are relaxed:
- a minimum of 20 characters in length
- a minimum of 2 character sets from these classes: [letters], [numbers], [special characters (as above)]
Some other considerations:
- Please do not use the same password in the CS Department that you use anywhere else -- either in the rest of the University, at other jobs, other research institutions, etc.
- Never tell *anyone* else your password.
- Don't write your password down, and especially don't post in your work area, or online in a file.
- Passwords must not be based on a dictionary word or have been previously cracked.
- Passwords should not contain any personal information.
We encourage the use of a Password Manager, which makes it possible to use very complex passwords that are different for each site and are not reused. The University has partnered with LastPass to supply complimentary LastPass password management accounts to students, faculty, and staff.
Other techniques for selecting strong and memorable passwords can be found in the OIT Information Security Office. (Note, however, that our password rules differ from OIT's password rules.)
- Students
- Staff
- Schools & services
- Sussex Direct
- Canvas
There are some simple rules that you must follow when changing your password:
- Your password must be at least 10 characters long.
- Remember that UPPERCASE letters are different from lowercase letters (for example, A is treated as different from a).
- It must contain at least one character that is not a letter, such as a digit.
The following special characters can be used in passwords changed using the My IT Account facility:
| curly brackets | { } | round brackets | ( ) | square brackets | [ ] |
| hash | # | colon, semi-colon | : ; | caret | ^ |
| comma | , | full-stop | . | question mark | ? |
| exclamation mark | ! | bar or pipe | | | ampersand | & |
| underscore | _ | backtick | ` | tilde | ~ |
| at | @ | dollar | $ | percent | % |
| slash and backslash | / \ | arithmetic symbols | =+-* | single and double quotes | " ' |
The following characters are also permitted:
- Uppercase [A-Z] and lowercase [a-z] English alphabet characters
- Digits 0-9
- spaces
The following are permitted, but may cause problems on some systems:
- 'greater than': >
- 'less than': <
You may not use any of the following characters:
- Any accented or non-english alphabetic characters: ü î ø å é etc.
- A leading space or trailing space
The upper limit for password length is set at 127 characters, however we recommend using something memorable.
Please suggest an improvement
(login needed, link opens in new window)
Your views are welcome and will help other readers of this page.
This is question number 839, which appears in the following categories:
I believe you are correct, and that your lecturer's solution overcounts the solution by a factor of two exactly.
By looking at the formulas provided, it seems that your reasoning is as follows: choose two of the six spaces to be letters, choose the letters used, then choose the numbers used in the remaining four spaces. Hence, $\binom{6}{2} \cdot 26^2 \cdot 10 \cdot 9 \cdot 8 \cdot 7$.
On the other hand, your lecturer's reasoning seems to be: choose which letters and numbers to use first, then permute the characters arbitrarily. Hence, $26^2 \cdot \binom{10}{4} \cdot 6!$. However, the problem with this approach is that it overcounts the number of distinct ways you can permute the letters. For example, if two $a$'s were chosen for the letters (denote then $a_1$ and $a_2$ to distinguish them from each other) and, say, $1234$ were chosen for the digits, the passwords $$a_1a_21234 \quad \text{and} \quad a_2a_11234$$ would be counted differently, even though they're the same password. This doesn't happen in your case, since fixing the positions of the letters first before choosing them results in each pair of letters leading to a different password combination.
In order to continue enjoying our site, we ask that you confirm your identity as a human. Thank you very much for your cooperation.