University of Rochester
Passwords
- Why are Strong Passwords Important?
- How to Create a Strong Password or Passphrase
- Suggestions for a Strong Password or Passphrase - Test Your Password
- How to Keep your Passwords Safe
Why are Strong Passwords Important?
A study by the CERT/CC at Carnegie Mellon University estimated that 80% of all network security problems are caused by bad passwords. A weak password can allow hackers to infect your computer with viruses, to access your personal information, or to send spam from your email account. If hackers can guess your user name and password, you might as well have just given them your wallet and the keys to your room. The easiest way to protect your computer and data is to have a strong password.
Fortunately it is not hard to create a strong password.
How to Create a Strong Password or Passphrase
The more of these features you use, the harder your password will be to guess or crack!
Passwords should be a minimum of 8 characters:
- Each additional character strengthens the protection of the password being used. The ideal password length is anything greater than 14 characters.
Combine letters, numbers, and symbols:
- The greater variety of characters that you have in your password, the harder it is to guess.
- The fewer types of characters in your password, the longer it must be. A 15-character password composed only of random letters and numbers is about 33,000 times stronger than an 8-character password composed of characters from the entire keyboard. If you cannot create a password that contains symbols, you need to make it considerably longer to get the same degree of protection. An ideal password combines both length and different types of symbols.
- Use the entire keyboard, not just the most common characters. Symbols typed by holding down the "Shift" key and typing a number are very common in passwords. Your password will be much stronger if you choose from all the symbols on the keyboard, including punctuation marks not on the upper row of the keyboard, and any symbols unique to your language.
Suggestions for a Strong Password or Passphrase
-
Use the first letter of each word from a line in a book, song,
or poem.
- For example: "Who ya gonna call? Ghost Busters!" becomes "Wygc?GB!"
-
Use numbers, letters, and punctuation to create a passphrase
like a vanity license plate.
-
For example:
Time off = T1me#0ff
I hate snow = 1H8sn0w!
-
For example:
Use the password checker below to test the strength of your password.
NOTE: Not all systems can support case sensitivity, special characters, or long passwords. In these cases, it's even more important to use a mix of alphabetic and numeric characters and to avoid words and names.
Password methods to AVOID:
Avoid sequences or common strings: (ex: 123456; 111111; ABCDEF; QWERTY; AAAAAA)
Avoid the use of any information with personal significance: (ex: your pet’s name, birthday, favorite football team, etc.) These are the first things a hacker will attempt.
Avoid dictionary words in any language
How to Keep your Passwords Safe
- Do not use the same password for everything. Use a few different ones. For instance, be sure not to use the same password for an unofficial, casual, or uncritical service (such as free online games) as you use for more critical services (such as online banking). Please use a different password from your UR passwords for non-UR services to prevent outsiders from gaining access to UR systems. You may find it helpful to think in terms of two kinds of passwords: your "outside" password for use at remotes web sites and your "inside password" for use on UR systems.
- Never write your password down. If you can't remember it, then it's not a good password.
- Never share your password with others. You wouldn't share your toothbrush or your underwear with a friend, so why share your password?
- Do not allow websites to "remember" your password. Take the extra five seconds to type it in each time you visit a website--it's worth it!
- Log out every time you access your personal accounts. Be sure to log out of your personal accounts, such as online bill payment systems, UR email, and even Facebook, especially when you are using public access computers. This will ensure that the next user does not have access to your accounts or browsing history.
- Change your password regularly. Unlike keys or an ATM card, your password does not have to be physically taken to be copied, and it's unlikely you'll know when your password has been stolen.
- Make sure that any website which requires your password is protected by Secure Sockets Layer (SSL). Look for the web address to being with https: or for a yellow lock icon to be located in the browser. These sites encrypt data in order to securely transmit private information such as credit card numbers.