Create Complex Passwords
A good password is one that’s reasonably easy to remember but hard for anyone to guess.
Creating hard-to-guess passwords and keeping them secret is a critical part of protecting confidential information like student or employee data, or your private email and banking information.
- Longer passwords, 14 characters or longer, are better.
- Avoid using keyboard patterns such as "asdfgh", "qwerty" or "12345".
- Try not to base your password on:
  - One or two dictionary words in any language;
  - Part of your name; or
  - Anything easily associated with you, e.g. nickname, address, phone number, birthdate, or names of family members and pets.
- Combine uppercase and lowercase letters, numbers and symbols—the greater the variety of characters, the better.
- Instead of a password, use a passphrase so you’re creating a long string of characters:
  - Start with five or more unrelated words;
  - Transform the words by capitalizing some characters and adding numbers and symbols, e.g. APPLEBooShyPUPPYBrazenCameL23$@ (except don’t use this example).
- Use completely different passwords for each of your accounts so if a password is compromised on one site, hackers won’t gain access to additional accounts.
- Many sites provide the option to use password recovery questions in case you forget your password. We recommend not using recovery questions where possible because the questions are too easy to answer. (Use a password manager to remember passwords instead. See below.) If you are forced to set up password recovery questions, provide complex passwords as answers instead of the real answers to the questions.
- Never use the "remember password for this site" feature in browsers on shared or poorly protected computers. If a computer you use with saved passwords is lost or stolen, change all the passwords stored on it immediately.
- Lock your computer when not in use and make sure the screensaver is set up to require a password.
- Use passwords to protect all computers, laptops and devices for added security.
- Never share your password. If you must have someone else manage your email for a time and you have a Gmail account, use delegated access instead.
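
The passphrase recipe and the checks in the list above, as an added example (not part of the original guidance or any TMU tool). The word list is a small constructed sample and the function names are hypothetical; the checker covers only the rules a program can test (length, keyboard patterns, character variety, personal details you supply).

```python
import secrets
import string

# Constructed sample list for the demo; a real generator should draw from a
# list of several thousand words so the word choice itself is hard to guess.
WORDS = ["apple", "boo", "shy", "puppy", "brazen", "camel", "orbit", "walnut",
         "fjord", "magnet", "tulip", "anchor", "pepper", "glacier", "banjo", "quartz"]
KEYBOARD_PATTERNS = ("asdfgh", "qwerty", "12345")      # patterns named in the guidance
PUBLISHED_EXAMPLE = "APPLEBooShyPUPPYBrazenCameL23$@"  # the page says not to reuse it
SYMBOLS = "!@#$%^&*?"

def make_passphrase(n_words=5):
    """Join n_words random words, vary capitalization, append digits and symbols."""
    if n_words < 5:
        raise ValueError("use five or more words")
    rng = secrets.SystemRandom()          # OS-backed randomness, not random.random()
    words = rng.sample(WORDS, n_words)    # distinct words in random order
    styled = [rng.choice((str.upper, str.capitalize, str.lower))(w) for w in words]
    styled[0] = words[0].upper()          # guarantee an uppercase letter
    styled[1] = words[1].capitalize()     # guarantee lowercase letters
    digits = "".join(secrets.choice(string.digits) for _ in range(2))
    symbols = "".join(secrets.choice(SYMBOLS) for _ in range(2))
    return "".join(styled) + digits + symbols

def check_password(pw, personal=()):
    """Return the list of guidance rules that pw breaks (empty list = none found)."""
    problems = []
    low = pw.lower()
    if len(pw) < 14:
        problems.append("shorter than 14 characters")
    if any(p in low for p in KEYBOARD_PATTERNS):
        problems.append("contains a keyboard pattern")
    classes = (any(c.isupper() for c in pw), any(c.islower() for c in pw),
               any(c.isdigit() for c in pw), any(not c.isalnum() for c in pw))
    if not all(classes):
        problems.append("missing uppercase, lowercase, number or symbol")
    # personal: names, nicknames, birthdates etc. supplied by the caller
    if any(item and item.lower() in low for item in personal):
        problems.append("contains personal information")
    if pw == PUBLISHED_EXAMPLE:
        problems.append("is the published example")
    return problems

if __name__ == "__main__":
    candidate = make_passphrase()
    print(candidate, check_password(candidate))
    print(check_password("qwerty12345"))
```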
While managing separate passwords for all your accounts or websites may seem daunting, password managers can help you keep track of your passwords and keep them secure.
Password managers are software or applications that securely store and manage your passwords in one place, allowing you to easily access and identify passwords for all your accounts. Once you’ve entered your account usernames and passwords into the software, you’ll only need to remember one master password to access all of your online credentials.
While we can’t endorse a specific password manager, here are some you may consider:
- Sophos, TMU’s antivirus program, offers a password management tool called Password Safe via the Sophos Intercept X app for mobile devices
- KeePass, an offline password management tool often used by system administrators
- Dashlane is a cloud-based password management service