You are now in the main content area

Create Complex Passwords

A good password is one that’s reasonably easy to remember but is hard for anyone to guess. Creating hard-to-guess passwords and keeping them secret is a critical part of protecting information such as your private email, banking information and the confidential information you may be entrusted with such as student or employee information.

What makes a strong password?

A strong password is designed to resist automated password guessing attacks and is unlike every other password you use.

The Basics

  • Longer passwords, 14 characters or longer, are better.
  • Avoid using keyboard patterns such as "asdfgh", “qwerty” or “12345”.
  • Don’t base your password on one or two dictionary words in any language, part of your name or anything that’s easily associated with you, e.g. your nickname, address, license plate, phone number or birthdate.

Be Creative

  • Combine uppercase and lowercase letters, numbers and symbols - the greater the variety of characters, the better.
  • Instead of a password, use a passphrase for remembering long passwords so you don't have to write them down. You can start with four or more unrelated words and then transform them a little by capitalizing some characters and adding numbers and symbols, e.g. CloudyToothBrAzenCAmell96$@ (except don’t use this example).
  • Use completely different passwords for each of your accounts - that way, if a password is compromised on one site, attackers won’t gain access to all your accounts at once.

Choose Safety Over Convenience

  • Many sites provide the option to use password recovery questions in case you forget your password. We recommend not using recovery questions where possible because the questions are too easy to answer. (Use a password manager to remember passwords instead. See below.) If you are forced to set up password recovery questions, provide complex passwords as answers instead of the real answers to the questions.
  • Never use the "remember password for this site" feature in browsers on shared or poorly protected computers. If a computer you use with saved passwords is lost or stolen, change all the passwords stored on it immediately.
  • A better way to maintain different passwords for different sites is to use a password manager. While we can’t recommend a specific product, here are some you may consider:
  • Lock your computer when not in use and make sure the screensaver is set up to require a password.
  • Use passwords to protect all computers, laptops and devices for added security.
  • Never share your password. If you must have someone else manage your email for a time and you have a Gmail account, use delegated access, external link, opens in new window instead.