Create Complex Passwords
A good password is one that’s reasonably easy to remember but hard for anyone to guess.
Creating hard-to-guess passwords and keeping them secret is a critical part of protecting confidential information like student or employee data, or your private email and banking information.
A strong password is designed to resist automated password guessing attacks and is unlike every other password you use.
- Longer passwords, 14 characters or longer, are better.
- Avoid using keyboard patterns such as "asdfgh", “qwerty” or “12345”.
- Try not to base your password on:
- One or two dictionary words in any language;
- Part of your name; or
- Anything easily associated with you, e.g. nickname, address, phone number, birthdate, or names of family members and pets.
- Combine uppercase and lowercase letters, numbers and symbols—the greater the variety of characters, the better.
- Instead of a password, use a passphrase so you’re creating a long string of characters:
- Start with five or more unrelated words;
- Transform the words by capitalizing some characters and adding numbers and symbols, e.g. APPLEBooShyPUPPYBrazenCameL23$@ (except don’t use this example).
- Use completely different passwords for each of your accounts so if a password is compromised on one site, hackers won’t gain access to additional accounts.
- Many sites provide the option to use password recovery questions in case you forget your password. We recommend not using recovery questions where possible because the questions are too easy to answer. (Use a password manager to remember passwords instead. See below.) If you are forced to set up password recovery questions, provide complex passwords as answers instead of the real answers to the questions.
- Never use the "remember password for this site" feature in browsers on shared or poorly protected computers. If a computer you use with saved passwords is lost or stolen, change all the passwords stored on it immediately.
- A better way to maintain different passwords for different sites is to use a password manager. While we can’t recommend a specific product, here are some you may consider:
- Lock your computer when not in use and make sure the screensaver is set up to require a password.
- Use passwords to protect all computers, laptops and devices for added security.
- Never share your password. If you must have someone else manage your email for a time and you have a Gmail account, use delegated access, external link, opens in new window instead.