How to Create a Secure Passphrase

The easiest way to protect your computer and data is to use strong, long passwords or passphrases. A weak password can allow hackers to infect your computer, access your personal information, or send spam from your email account.

While the University only requires 8-character passwords, we recommended the use of a much longer one. In fact, entering a 14+ character passphrase can be easier than a basic 8-character password. Instead of using a single long word, or hard-to-remember gibberish such as “TDpZE8yqS7pS0&”, you can use more words with sentence structure such as capitals and punctuation. Choose 3-4 random words, a short phrase, or even a song lyric.

 

“Gouda is my favorite cheese!”

“It’s pronounced Frankensteen!”

“Have fun storming the castle!”

“On a train bound for nowhere.”

“There can be only 1!”

 

Think again as a passphrase instead of a password.

 

 
A standard 8-character password requiring 3 of the 4 criteria (numbers, upper and lowercase letters, and symbols) can be cracked using today’s technology in one hour! By increasing the password length to 14 characters, that time increases exponentially to a stunning estimated 9 million years.

Password Cracking

 

 

How to Keep Your Passwords Safe

  • Use a password management tool. The University provides LastPass Personal Premium to all members of the UR community at no cost. This tool uses strong encryption to ensure the only way to access your password is by creating and using one strong “master” password to protect the credentials of all your other accounts. Get LastPass now.
  • Do not use the same password for everything. For instance, please do not use the same password for an unofficial, casual, or uncritical service (e.g., online games) as you use it for more critical services (e.g., online banking). Use a different password from your University passwords for non-University services to prevent outsiders from gaining access to University systems.
  • Never write your password down.
  • Never share your password with others.
  • Log out whenever you access your accounts, especially when using public-access computers. This will ensure that the next user does not have access to your accounts.
  • Change your password regularly. Unlike keys or an ATM card, your password does not have to be physically taken to be copied, and it’s unlikely you’ll know when your password has been stolen.
  • Ensure that any website that requires your password is protected by Secure Sockets Layer (SSL). These sites encrypt data to transmit private information like credit card numbers securely. Ensure the web address begins with “HTTPS:” or look for a lock icon in the browser’s address bar. 

 

If you’ve made it this far, enjoy an internet-famous comic strip from XKCD.

Credit to XKCD
https://xkcd.com/936/

Related Services