How to Choose a Secure Password
About Passwords
Your password is the only way a computer can verify that the person using your account is really you. Anyone who can enter your password can access your account as if they were you -- perusing your private data, reading your electronic mail, altering or destroying your files, or performing illegal activities in your name.
Think of your password as a key: telling someone your password is like giving them a copy of the keys to your house. Having an insecure password is like leaving your front door unlocked, and in the electronic world malicious people are trying your doorknob every day. Choosing a secure password lets you protect your data and software as vigilantly as you would your tangible belongings.
Never Tell Anyone Your Password
You should never give your password to anyone else. Anyone who knows your password may perform acts using your account that you may be blamed for.
Password Requirements
- Policy will be technically enforced by the Identity Management System
- Passwords must be a minimum of 8 characters
- Passwords must contain at least one special character (e.g. %, #, @)
- Passwords must contain at least one numeric character (0-9)
- None of the last 10 passwords can be re-used
Additionally, for staff or honorary staff of the University,
- Passwords will expire every 12 months
- Passwords must contain at least one uppercase character (A-Z)
- Passwords must contain at least one lowercase character (a-z)
- Accounts will be timed-out for 15 minutes after 5 unsuccessful login attempts
- None of the last 10 passwords can be re-used
Password Guidelines
In addition to the technical requirements of the password outlined above, obeying the following guidelines when choosing a password will guard against someone finding out your password and using your account illegally.
DO:
- use a password with a mix of upper-case letters, lower-case letters, numbers, and punctuation. The more different characters you use, the more secure your password is.
- choose a password that is easy to remember. If you have to write down your password then you won't be able to keep it safe.
DON'T:
- use your login name in any form. This includes backwards, doubled, capitalised, etc.
- use anybody's name. Names are easy to guess, even reversed or capitalised, and are the first thing an attacker tries.
- use any personal information. Any information another person can find out about you is not secure. This includes your date of birth, address, telephone number, staff or student ID number, and information about anyone you know.
- use a password that is easily spotted when typing. Passwords that make patterns on the keyboard, like qwer1234, are easy for people looking over your shoulder to recognise.
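As an added illustration (not code from the University's Identity Management System or from the original page), the following Python example checks a candidate password against the length and character requirements above and against two of the DON'T guidelines: login name in any form, and keyboard patterns. The function names, the treatment of any non-alphanumeric, non-space character as "special", and the keyboard-row list are assumptions; password history, expiry and lockout are not modelled.

```python
import re

# Keyboard rows used to spot patterns such as "qwer1234" (assumed US layout).
KEYBOARD_ROWS = ("1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm")


def has_keyboard_run(password, run=4):
    """True if the password contains `run` adjacent keys from one keyboard row."""
    lowered = password.lower()
    for row in KEYBOARD_ROWS:
        for seq in (row, row[::-1]):  # left-to-right and right-to-left
            for i in range(len(seq) - run + 1):
                if seq[i:i + run] in lowered:
                    return True
    return False


def contains_login(password, login):
    """True if the login appears forwards or backwards, ignoring case.

    A doubled or capitalised login is caught too, because it still
    contains the lower-cased login as a substring.
    """
    p, name = password.lower(), login.lower()
    return bool(name) and (name in p or name[::-1] in p)


def check_password(password, login, staff=False):
    """Return the list of rules from this page that the password breaks."""
    problems = []
    if len(password) < 8:
        problems.append("shorter than 8 characters")
    if not re.search(r"[^A-Za-z0-9\s]", password):  # assumption: "special"
        problems.append("no special character")
    if not re.search(r"[0-9]", password):
        problems.append("no numeric character")
    if staff:  # extra rules for staff and honorary staff
        if not re.search(r"[A-Z]", password):
            problems.append("no uppercase character")
        if not re.search(r"[a-z]", password):
            problems.append("no lowercase character")
    if contains_login(password, login):
        problems.append("contains login name")
    if has_keyboard_run(password):
        problems.append("keyboard pattern")
    return problems
```

An empty list means the candidate passed every check; the login "jsmith" and the sample passwords used to exercise it are constructed values.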
Choosing a Secure Password
Try the following techniques for choosing a secure password.
- Choose a line or two from a song, poem, or other phrase and use the first letter, or second letter, etc., of each word with some punctuation and numbers included.
- Choose two short unrelated words and concatenate them together with a punctuation character between them and at the start or end.