There are two main passwords that all members of the college community must remember: their Middlebury network password, and their BannerWeb pin number.
Changing your password
Please look over the rest of the information in this article before you change your password.
To change your Middlebury network password:
- Type go/activate into the address bar of your browser and follow the instructions.
- Wait 15 minutes for the change to take effect.
- Log out or restart the computer you're working on.
- Log back in to test the new password.
Choose a straightforward, easy-to-remember password for your Middlebury account. I recommend that you think of a simple short sentence that is meaningful to you, and add a number in somewhere: this way you have a capital letter, a number, and a punctuation mark at the end.
Removing stored passwords on your computer
It is suggested that you never tell your computer to remember your Middlebury password. Often when you try to access Outlook, Middfiles, etc., your computer will offer to remember the password for you. This can save you time in the short run, but it can cause you a headache in the long run!
If your computer has stored your old password in any of its settings, the old password won't be updated when you change your password. If you don't erase the "memory" of these old passwords, the computer may try to use them in the future when you try to access midd_secure, Outlook email, etc. Repeatedly entering the wrong password can lock your account temporarily and cause you a huge inconvenience.
Mac OSX stores many passwords in the Keychain. You can remove these stored passwords to prevent problems once you change your Middlebury password.
- Open the Finder.
- Click then open Keychain Access.
- Make sure you can see the list of keychains (View menu), and select the "login" keychain.
- Look for entries like Exchange, mail.middlebury.edu, midd_secure, middfiles, etc. Delete entries like this to prevent Mac from automatically entering a (possibly outdated) password.
What are the risks of getting my password stolen?
Your Middlebury password is very sensitive information. Never tell it to anyone, write it in an email, or write it down where someone else could read it. Please remember that if you password is stolen, you are NOT the only person affected!
An attacker who knows your password can:
- Send spam through your account, putting your name, as well as the College's e-mail, on a black list. Being on a blacklist means that many other educational institutions, and companies will BLOCK ALL e-mail coming from Middlebury.
- Steal the e-mail addresses of other members of Middlebury College, and attempt to hack those accounts using YOUR account.
- Using YOUR account, break into many of our electronic databases, such as Banner, potentially getting access to a lot of sensitive, personal data (or financial data).
- Break into College computers using YOUR account and infect them with viruses. Use the infected computers to spread even more viruses and spam. The viruses installed can be used to steal credit card data or steal more passwords.
Why does Middlebury have such a complex password policy?
Middlebury requires your passwords to have both lower-case and capital letters as well as numbers and some punctuation mark. This increases your safety in several ways:
- Such passwords are virtually impossible to guess, unlike simpler passwords that are often guessed.
- If your computer is infected with a virus that is watching what you type, your password could be sent out to an attacker who then uses it to access your account. Middlebury's complex passwords are harder for such programs to record than a simple password.
- If you save your passwords using a password manager program on your computer, it is harder for someone else to steal complex passwords than simple ones.
Many Middlebury members ask why we insist that you change your password every 6 months. This also has multiple advantages:
- It makes password-guessing even more impossible.
- It ensures that old passwords which have been stored somewhere and found later, aren't a security risk.
- If your password has been stolen, the attacker won't be able to use it indefinitely.
Remembering and storing passwords
Passwords can be hard to remember, but keeping them in an easily visible location is an unacceptable security risk.
People take 2 frequent approaches to storing their passwords in case they forget them:
- Some people write their password on a slip of paper and hide it in a secure location. Please remember that if anyone finds your password written down and uses it to access your account, your entire Middlebury email and files are available for their access and, furthermore, you are endangering the reputation and security of other people's accounts.
- Others use a software program such as Keepass Password Manager (we are not endorsing this - it's an example) to store their passwords for them. While these programs "scramble" or encrypt your passwords to prevent intruders from reading them and boast excellent security, software always has some security risks and there is a chance that someone could gain access to all the passwords that you store in a password file. Here are some examples of password managers with security holes: 
The Helpdesk's position is that it's better to remember passwords and avoid storing them. See this page for six steps to make passwords easier to remember.