Suggestions for Password Security

The following should be considered when choosing passwords:

  • should be easy to remember
  • should be difficult to guess
  • should not be of a fixed length but rather, at least six (6) characters long.
  • should be made up of letters, numbers, and special characters. Also try to mix upper case and lower case letters. This multiplies the number of different possible combinations.
  • should not be displayed when inputted
  • should be changed periodically by the user
  • should be forced to change by the system administrator
  • should not be dictionary words, either forwards or backwards
  • the degree of password complexity should be greater than the data at risk
  • should not be shared with anyone or used as a group of users "generic" password
  • should not be posted or written down in an unsecured location (i.e. desk drawers)
  • should be immediately changed if you suspect it was compromised
  • should not be known by a supervisor or other staff
  • should not be the same as your user ID
  • should not be names of your pets or children, phone numbers, or street addresses (or any personal information)