Create and Protect Strong Passwords
Passwords are critical to information security because they are the most common way of confirming that a person is who they claim to be. Most of us use them every day to log onto computers or email, sign onto online financial accounts, and shop at our favorite web stores. Unfortunately, there are a multitude of cyber criminals out there trying to gain access to your accounts, so you need to create strong passwords and protect them.
When Creating Passwords, ALWAYS:
- Use a password with mixed-case letters.
- Use a password that includes non-alphabetic characters (digits or punctuation).
- Use a password that is easy to remember, so you don't have to write it down.
- Use different passwords for different accounts.
When Creating Passwords, NEVER:
- Use your first, middle, or last name in any form, or use your spouse's or children's names.
- Use other information easily obtained about you. This includes birthday, license plate numbers, telephone numbers, social security numbers, the make of your automobile, the name of the street you live on, etc.
- Use a password of all digits or all the same number.
- Use a password shorter than eight characters. (The more characters, the harder it is to break.)
- Use your ID number, account name, login name, or email address as a password (as is, reversed, capitalized, doubled, etc.).
- Re-use an old password.
- Use any example password found in this or any other document.
Protecting Your Password
- Remember to destroy any paperwork that lists an account name (or user ID) and password.
- Change your password when you suspect that someone else may know it. (Keep your password a secret!)
- Change your password periodically (every sixty to ninety days).
- Never write your password down.
- Never reveal your password to anyone. Help desk personnel, network managers, or computer support personnel should never need your password to diagnose problems.
- Make sure that no one is peering over your shoulder when you type in your password.
Password Construction Made Easy
The strongest passwords are both easy for you to remember and hard for others, even a computer, to guess. Here is an effective way to accomplish both goals.
- Start with a phrase you can remember. It can be a book title, some song lyrics, the name of an article, etc. For this example we will use a book title, "Love Is a Mix Tape," by Rob Sheffield.
- Condense the phrase. In this example we will just use the first letter of each word; i.e. liamt.
- Add a little complexity. Replace some lowercase letters with capital letters, numbers or symbols. Now mix things up by creating conventions around letters that you'll always make uppercase or change to symbols or numbers. Do what makes sense to you, so you don't have to write your system down. In this example we will capitalize the last letter, then change the 'i' to a '1' and end up with l1amT. This will serve as the base of our password.
- Create passwords with your password base using a simple formula that you will not forget. In this example, we use the first letter of the name of the site for which we are creating a password, then the last letter of that name followed by the number of letters in the name. This would make my Umail password Ul5l1amT and my Hotmail password Hl7l1amT.
- Create a reminder card to keep in your wallet. Instead of writing down the base, simply write down a hint (e.g. basic = Mixtape). This way if someone steals your wallet, they would have to guess both what phrase your hint refers to, and your formula.
- Repeat these steps for all your accounts. While you could use the same base word for all of your accounts, you should construct different bases for different types of accounts. For example, use one to access your systems at work, one for online banking, one for online shopping, and one for visiting web sites that don't involve any financial information.
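The construction steps above and the ALWAYS/NEVER rules earlier on this page, worked through in Python as an added example that is not part of the original guide. The i -> 1 substitution convention, the function names and the checker's wording are assumptions; the book title and the Umail/Hotmail results come from the page.

```python
import string

# Step 2 on the page: condense a memorable phrase to the first letter of each word.
def condense(phrase):
    words = [w.strip(string.punctuation) for w in phrase.split()]
    return "".join(w[0].lower() for w in words if w)

# Step 3: add complexity the way the page's example does, by capitalising the last
# letter and applying a fixed substitution convention. The default i -> 1 mapping is
# an assumption taken from the page's example; the page leaves the convention to you.
def make_base(phrase, substitutions=None):
    subs = substitutions if substitutions is not None else {"i": "1"}
    condensed = condense(phrase)
    if not condensed:
        raise ValueError("phrase must contain at least one word")
    condensed = condensed[:-1] + condensed[-1].upper()
    return "".join(subs.get(ch, ch) for ch in condensed)

# Step 4: the page's per-site formula, first letter of the site name, then its last
# letter, then the number of letters in the name, followed by the base.
def site_password(site, base):
    return f"{site[0]}{site[-1]}{len(site)}{base}"

# Check a candidate against the ALWAYS/NEVER rules on this page.
# Returns the list of rules it breaks (empty list means it passes every check here).
def rule_violations(password, login_name="", old_passwords=()):
    problems = []
    if len(password) < 8:
        problems.append("shorter than eight characters")
    has_lower = any(c.islower() for c in password)
    has_upper = any(c.isupper() for c in password)
    if not (has_lower and has_upper):
        problems.append("not mixed case")
    if all(c.isalpha() for c in password):
        problems.append("no digit or punctuation")
    if password.isdigit():
        problems.append("all digits")
    if login_name:
        name = login_name.lower()
        lowered = password.lower()
        if name in lowered or name[::-1] in lowered:
            problems.append("contains the login name (as is or reversed)")
    if password in old_passwords:
        problems.append("re-used an old password")
    return problems

if __name__ == "__main__":
    base = make_base("Love Is a Mix Tape")          # -> l1amT, as on the page
    for site in ("Umail", "Hotmail"):
        pw = site_password(site, base)
        print(site, pw, rule_violations(pw, login_name=site))
```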