A study by the CERT/CC at Carnegie Mellon University estimated that
of all network security problems are caused by bad passwords. A weak
password can allow hackers to infect your computer with viruses, to
access your personal information, or to send spam from your email
account. If hackers can guess your user name and password, you might
as well have just given them your wallet and the keys to your room.
The easiest way to protect your computer and data is to have a strong
Fortunately it is not hard to create a strong password.
How to Create a Strong Password or
The more of these features you use, the harder your password will
be to guess or crack!
Passwords should be a minimum of 8 characters:
Each additional character strengthens the protection of the
being used. The ideal password length is anything greater than 14
Combine letters, numbers, and symbols:
The greater variety of characters that you have in your
password, the harder it is to guess.
The fewer types of characters in your password, the longer it
A 15-character password composed only of random letters and numbers is
33,000 times stronger than an 8-character password composed of
from the entire keyboard. If you cannot create a password that
symbols, you need to make it considerably longer to get the same
of protection. An ideal password combines both length and different
types of symbols.
Use the entire keyboard, not just the most common characters.
Symbols typed by holding down the "Shift" key and typing a
very common in passwords. Your password will be much stronger if you
choose from all the symbols on the keyboard, including punctuation
marks not on the upper row of the keyboard, and any symbols unique
to your language.
Suggestions for a Strong Password or
Use the first letter of each word from a line in a book, song,
For example: "Who ya gonna call? Ghost Busters!" becomes
Use numbers, letters, and punctuation to create a passphrase
like a vanity license plate.
Time off = T1me#0ff
I hate snow = 1H8sn0w!
Do not use these examples as your password.
Use the password checker below to test the strength of your
Password not entered
Not all systems can support case sensitivity, special characters, or
passwords. In these cases, it's even more important to use a mix of
alphabetic and numeric characters and to avoid words and names.
Password methods to AVOID:
Avoid sequences or common strings: (ex: 123456; 111111; ABCDEF;
Avoid the use of any information with personal significance: (ex:
name, birthday, favorite football team, etc.) These are the first
hacker will attempt.
Avoid dictionary words in any language
How to Keep your Passwords Safe
Do not use the same password for everything.
Use a few different ones. For instance, be sure not to use the
password for an unofficial, casual, or uncritical service (such as
free online games) as you use for more critical services (such as
online banking). Please use a different password from your UR
for non-UR services to prevent outsiders from gaining access to UR
systems. You may find it helpful to think in terms of two kinds of
passwords: your "outside" password for use at remotes web sites and
your "inside password" for use on UR systems.
Never write your password down.
If you can't remember it, then it's not a good password.
Never share your password with others.
You wouldn't share your toothbrush or your underwear with a
so why share your password?
Do not allow websites to "remember" your password.
Take the extra five seconds to type it in each time you visit a
website--it's worth it!
Log out every time you access your personal accounts.
Be sure to log out of your personal accounts, such as online
systems, UR email, and even Facebook, especially when you are using
access computers. This will ensure that the next user does not have
to your accounts or browsing history.
Change your password regularly.
Unlike keys or an ATM card, your password does not have to be
taken to be copied, and it's unlikely you'll know when your password
has been stolen.
Make sure that any website which requires your password is
protected by Secure Sockets Layer (SSL).
Look for the web address to being with https: or for a yellow
to be located in the browser. These sites encrypt data in order to
transmit private information such as credit card numbers.