A weak password can allow hackers to infect your computer, access your personal information, or send spam from your email account. The easiest way to protect your computer and data is to use strong passwords.


How to Create a Strong Password

  1. Use at least 8 characters.
    • Each additional character strengthens the protection of the password being used.
    • The ideal password length is anything greater than 14 characters.
  2. Combine letters, numbers, and symbols.
    • The greater variety of characters that you have in your password, the harder it is to guess.
    • The fewer types of characters in your password, the longer it must be to get the same degree of protection. An ideal password combines both length and different types of characters.
    • Use the entire keyboard, not just the most common characters. Symbols typed by holding down the Shift key and typing a number are very common in passwords. Your password will be much stronger if you choose from all the symbols on the keyboard, including punctuation marks not on the upper row of the keyboard, and any symbols unique to your language.
  3. Avoid sequences or common strings.
    • For example: 123456, 111111, ABCDEF, QWERTY. AAAAAA
  4. Do not use information with personal significance.
    • For example, your birthday, pet’s name, favorite football team, etc. These are the first things a hacker will attempt.
  5. Consider using a passphrase to make a strong password that’s easy for you to remember.
    • Use the first letter of each word from a line in a book, song, or poem to create a passphrase. For example: “Who ya gonna call? Ghost Busters!” becomes “Wygc?GB!”
    • Use numbers, letters, and punctuation to create a passphrase like a vanity license plate. For example: I hate snow = 1H8sn0w!
    • Use three to five short, random words of four to six characters each separated by a symbol.
Not all systems can support case sensitivity, special characters, or long passwords. In these cases, it’s even more important to use a mix of alphabetic and numeric characters and to avoid words and names.

How to Keep your Passwords Safe

  • Do not use the same password for everything. For instance, do not use the same password for an unofficial, casual, or uncritical service (e.g., online games) as you use for more critical services (e.g., online banking). Use a different password from your University passwords for non-University services to prevent outsiders from gaining access to University systems.
  • Never write your password down. If you can’t remember it, then it’s not a good password.
  • Never share your password with others.
  • Do not allow websites to “remember” your password.
  • Log out every time you access your personal accounts, especially when you are using public-access computers. This will ensure that the next user does not have access to your accounts.
  • Change your password regularly. Unlike keys or an ATM card, your password does not have to be physically taken to be copied, and it’s unlikely you’ll know when your password has been stolen.
  • Make sure that any website that requires your password is protected by Secure Sockets Layer (SSL). Look for the web address to begin with “https:” or look for a lock icon in the browser’s address bar. These sites encrypt data in order to securely transmit private information like credit card numbers.
  • Use a password management tool. The University provides LastPass Personal Premium to all members of the UR community at no cost. This tool uses strong encryption to ensure the only way to access your password is by creating and using one strong “master” password to protect the credentials of all your other accounts. Get LastPass now.

Related Services