Choosing a good password

A password is a means of proving to a computer system that you are who you say you are. This page provides advice on how to choose a good password and keep it safe.

Most computer systems require two pieces of information before you can gain access: your username, which tells the computer who you are, and your password -- a collection of keyboard characters known only to you.

This method is designed to prevent people from gaining access to your data, using your print credits, sending email in your name, or using your computer to mount illegal attacks over the Internet.

Keep your password secret

It is very important that you do not tell anyone your password. If someone finds out what your password is, you should change it as soon as possible.

Information Services will NEVER ask you for your password and you should NEVER share it.

Choose a good password

A good password is at least eight characters long, with a mixture of alphabetic, numeric and punctuation characters. It should be easy to remember -- at least for you -- but difficult to guess. Here are a few guidelines.

DO:

  • use some non-alphabetic characters such as punctuation marks or numbers (some systems force you to do this), but don't use control characters.
  • use non-dictionary words -- such as the initial letters of the words in a line of a favourite song or book title. If you add vowels between consonants you can make up words which are pronounceable and therefore easy to remember.

DON'T:

  • use your username in any form as a password, even backwards or mixed up.
  • use your real name in any form, or any part of it.
  • use obvious personal information, such as your date of birth, phone number, national insurance number, address, etc.
  • use all digits, or just one letter -- this reduces the amount of guesswork.
  • use fewer than eight characters. (Some systems won't let you.)
  • use any word you might find in a dictionary (any dictionary). (Some systems check this.)
  • use characters from well-known books (Gandalf, Sherlock), band names, song titles etc.
  • use passwords that are too easy -- or too difficult -- to type: an easy password can be guessed by anyone who sees you type it, and you will only be able to type a difficult password slowly -- with the same result.
  • use the same password for other services.
  • use 'fred' -- it's too short and it's also an example in this page...

One technique for generating passwords is to start with a phrase or sentence which you can remember (and which can't be guessed by those who know you), then to convert it to letters, numbers and characters in some easy to remember way.

For example use the initial letters of "I'm In Love With A German Filmstar" to generate a password of 'IilwaGf*'.

Please don't use this example -- think up one for yourself!
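The DO and DON'T guidelines above can be checked automatically when a password is set. The following is an added example, not code from this page or from Information Services; the function name, the tiny word list and the sample usernames are assumptions made for illustration.

```python
import string

# Constructed sample word list; a real deployment would load a full dictionary
# and a list of known-breached passwords.
SAMPLE_WORDS = {"password", "gandalf", "sherlock", "dragon", "welcome"}
# Examples printed on this page, which the page says not to use.
PUBLISHED_EXAMPLES = {"fred", "IilwaGf*"}


def check_password(password, username, real_name=""):
    """Return a list of guideline violations; an empty list means it passes."""
    problems = []
    lowered = password.lower()
    letters_only = "".join(c for c in lowered if c.isalpha())

    if len(password) < 8:
        problems.append("fewer than eight characters")
    if any(ord(c) < 32 or ord(c) == 127 for c in password):
        problems.append("contains control characters")
    if password.isdigit():
        problems.append("all digits")
    if len(set(lowered)) == 1:
        problems.append("a single repeated character")
    if not any(c.isdigit() or c in string.punctuation for c in password):
        problems.append("no digits or punctuation")

    # Username in any form: forwards, backwards, or mixed up (an anagram).
    user = username.lower()
    if user and (user in lowered or user[::-1] in lowered
                 or sorted(user) == sorted(letters_only)):
        problems.append("based on the username")

    # Any part of the real name (parts under 3 letters ignored to limit noise).
    for part in real_name.lower().split():
        if len(part) >= 3 and part in lowered:
            problems.append("contains part of the real name")
            break

    # Dictionary word, optionally with digits/punctuation stuck on.
    if letters_only in SAMPLE_WORDS:
        problems.append("dictionary word or well-known name")
    if password in PUBLISHED_EXAMPLES:
        problems.append("published example password")
    return problems
```

A check like this only enforces the mechanical rules; it cannot tell whether a password is reused on another service or guessable by someone who knows you.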

Keep your password safe

You might not be storing vital information in your account, but if a malicious person breaks into it, they could delete all your files (including vital setup files) and your mail. They can also send mail to people in your name, normally without good intent, print using your quota or cause other damage. Make sure you use a different password for different things: if one password is compromised you can limit the damage if you use different passwords for EASE, VPN and internet banking etc.

Computing Regulations

It is part of the Computing Regulations of the University that users are required to take all reasonable precautions to maintain the integrity of their passwords and any other security mechanisms. All users are bound by these Regulations.

