A good password is one that is easy for you to remember and hard for hackers and computers to guess. When it comes to computer guessing we talk about entropy which, in security terms, is the degree of randomness of characters in your password. The more degrees of entropy (or randomness) the better. To achieve this randomness there is a shift away from shorter passwords (8 characters) and toward longer passwords (14 characters). Research into security is encouraging the use of 4-5 randomly selected words to achieve a degree of entropy while allowing us to create mnemonics to remember them – this meets the goal of easy for you to remember and hard for computers to guess. A now-classic XKCD comic helps to explain some of the logic behind a longer password while also underscoring the folly of previous approaches to passwords. Pairing a secure password with another form of authentication helps to build a secure digital environment for our campus.

To create a secure password there are a few strategies you can use 

  • Use a pass phrase using five random words. The gold standard of generating these random words is to use Diceware though a site that can generate these words for you is still an effective method - a site that does this is https://www.useapassphrase.com/
  • Create a phrase like "I hope the Jays win the World Series in 2021!" Then, take the initials of each word and all numbers and symbols to create your password. So, that phrase would result in this: IhtJwtWSi2021!  
  • Use a password generator, which come in the form of offline programs and web sites. Many password managers like LastPass or Dashlane also have built in password generator tools.
  • As a minimum, have 14 characters ideally with a mix of letters, numbers, and symbols.

Try various passwords at https://lastpass.com/howsecure.php to get an idea of how complex they need to be for maximum security.

For more information on digital security see this paper from the National Institute of Standards and Technology.

REMEMBER:
  • Don’t incorporate personal information into your passwords (e.g. birthdays)
  • Don’t share your password with anyone (including ITS!)
  • Don’t use easy-to-guess passwords (like “password”)
  • Don’t use only a string of numbers (“1234”) or letters (“abcd”)
  • Don’t use common expressions, song titles or lyrics, movie titles, or quotes
  • Don’t reuse your password on other website or systems
    Don’t log into untrusted systems
  • Don’t get infected with malware which may harvest your passwords
  • Use a password manager such as LastPass or Dashlane