Your password is both your electronic identity and the key which you use to access University data. It is your responsibility to select a strong password and to manage it securely as you are personally accountable for its use.
Why should you choose a strong password and what makes one?
It takes automated software under 90 minutes to crack most people's passwords. Specially created computers can be designed to do this in just a few minutes.
The websites you use try to harden themsleves against attack - your password may be a weak point.
Remember a few strong passwords for the systems you need to keep most secure.
Long passwords are usually stronger as they can make brute-force attacks take much longer.
A long password, is only any good if it is also strong, so choose these carefully in such a way that you can remember them, but it is very difficult for others to guess.
It is actually more important to choose unique passwords for the services you use, than it is to choose very long ones. Do not make it too hard for yourself to remember very many long ones.
The recommended way to choose very strong passwords, is to use a passphrase. This is a password made up of (at least) four randomly chosen words. It is as easy to remember as four randomly chosen letters, but it results in very strong passwords. For example a passphrase could be:
or to make it compatible with a service that insists on punctuation marks and capitals:
It is the combination of length and random nature of the words combine to make the password strong.
Weak password | Stronger password | Comment |
---|---|---|
sunshine | %5un555h1n3_SuperMan | Replaced letters with numbers, added special characters, but with a lot of randomness added in |
sherlock | SHlmsVSPrf.M | Derived from the phrase "Sherlock Holmes VS Prof. Moriarty" |
billiejean | 440D&fn,tlwohs | If you know the lyrics of a song, don't use the chorus and certainly not the title "She's just the girl who claims that I am the one". Use instead for example: "For forty days and forty nights, the law was on her side" |
janet (my sister) | ono!Wswlmmshcohh | Oh no! When she was little my mum spilled hot custard on her head. |
Do not make these mistakes when choosing a password:
Password theft is one of the favourite pastimes of hackers. The easiest way to steal your password, is to watch (or film) you while you type it. Other methods are:
If you want more information on passwords the National Cyber Security Centre provide guidance on this and a number of other cyber security topics. Their advice around passwords can be found at the following:
https://www.ncsc.gov.uk/blog-post/three-random-words-or-thinkrandom-0
A password with 7 characters and just letters can be cracked almost instantly, but a password with 15 characters in will take 100 years to crack and 1bn years if you included upper and lower case, numbers and symbols.
A computer that is left logged on and unattended gives anyone access to information which is accessible to the authorised user, and allows others to use the account of the user for malicious purposes.
If a computer is left unattended, it should be shut down or locked through the use of a password access 'hot-key' or password-protected screen saver.