Tips for Strong, Secure Passwords
“A strong password is your first line of defense. Create passwords that you can remember, but others can't guess.”
- Never share your password with anyone
- Do not just use one password for all your accounts
- Do not post it in plain sight (ie. Under your keyboard)
- Make your password at least 8 characters long including numbers, upper- and lower- case letters, and symbols
- Consider using a $ instead of an S or a 1 instead of an L, 3 instead of E, or included an & or % symbol. Remember the longer the better!
- Always refer to password tips based on the site guidelines, different sites require different password types. (e.g. some accounts require a mix of upper case and lower case letters with numbers. Other require the use of special symbols).
- Do not use words that can be found in a dictionary no matter the language
- Consider using a passphrase (PC Mag) instead of a password where possible since they are harder to crack. The key is to make it long but not complicated for yourself.
- Consider a "password" for your phone (and all other mobile devices like tablets) too
Please refer to CUNY IT Security Procedures and direct your attention to Section II, Policy 8 regarding the use of Password.
“Passwords and private encryption keys must be treated as Non-Public University Information and, as such, are not to be shared with anyone.” -CUNY
What makes a bad password?
- Dates: 19XX, 20XX, other anniversaries or famous years like 1776 or 1066. It is better for forget a Birthday than to have your account hacked!
- The word "password": pass, password, p@$$word or any variant
- Sports references: footballfan, hockey, gosox
- Names: pets, spouses, children, grandchildren, celebrities
- Personal information: your name, email address, phone number, or social security number
- Keyboard patterns or sequential numbers: qwerty, asdf, 123456
Do you use any of these as a password, or in combination with a single dictionary word? If so you need to upgrade your password to something stronger.