Selecting Good Passwords

Passwords must contain:

  • a minimum of 1 lower case letter [a-z] and
  • a minimum of 1 upper case letter [A-Z] and
  • a minimum of 1 numeric character [0-9] and
  • a minimum of 1 special character: ~`!@#$%^&*()-_+={}[]|\;:"<>,./?
  • at least 1 upper case, numeric, and special character must be EMBEDDED somewhere in the middle of the password, and not just be the first or the last character of the password string.
  • Passwords must be at least 10 characters in length, but can be much longer.

Passphrases are longer versions of passwords that may be easier to remember and harder to guess. If you opt to use a passphrase, some of the complexity requirements are relaxed:

  • a minimum of 20 characters in length
  • a minimum of 2 character sets from these classes: [letters], [numbers], [special characters (as above)]
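The two rule sets above can be checked mechanically. The following validator is an added example, not the department's own code. It assumes the EMBEDDED rule means that upper case, numeric and special characters must each appear somewhere other than the first or last position, and that a candidate is accepted if it meets either rule set; the function names are hypothetical, and the dictionary and previously-cracked checks are not implemented.

```python
import string

# Special characters exactly as listed in the rules above.
SPECIAL = set('~`!@#$%^&*()-_+={}[]|\\;:"<>,./?')
LOWER = set(string.ascii_lowercase)
UPPER = set(string.ascii_uppercase)
DIGIT = set(string.digits)


def password_failures(pw):
    """Return the standard-password rules that pw fails (empty list = pass)."""
    failures = []
    if len(pw) < 10:
        failures.append("shorter than 10 characters")
    interior = pw[1:-1]  # everything except the first and last character
    for name, cls in (("lower case", LOWER), ("upper case", UPPER),
                      ("numeric", DIGIT), ("special", SPECIAL)):
        if not any(c in cls for c in pw):
            failures.append(f"no {name} character")
        # Assumed reading of the EMBEDDED rule: upper case, numeric and special
        # must each occur somewhere other than the first or last position.
        elif cls is not LOWER and not any(c in cls for c in interior):
            failures.append(f"{name} character only at first/last position")
    return failures


def passphrase_failures(pw):
    """Return the passphrase rules that pw fails (empty list = pass)."""
    failures = []
    if len(pw) < 20:
        failures.append("shorter than 20 characters")
    # Upper and lower case count as one class, [letters]; characters outside
    # the three listed classes (a space, for example) count toward none.
    used = sum(any(c in cls for c in pw) for cls in (LOWER | UPPER, DIGIT, SPECIAL))
    if used < 2:
        failures.append("fewer than 2 character classes")
    return failures


def check(pw):
    """Assumption: a candidate is accepted if it meets either rule set."""
    pw_fail, pp_fail = password_failures(pw), passphrase_failures(pw)
    return (not pw_fail or not pp_fail), pw_fail, pp_fail


if __name__ == "__main__":
    # Constructed sample candidates, not real credentials.
    for cand in ("trAil4#mixq", "Password1!", "quiet-maple-orbits-lantern",
                 "correct horse battery staple"):
        print(repr(cand), check(cand))
```

A space is not in the listed special characters, so a passphrase made only of letters and spaces counts as a single class and is rejected by this check.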

Some other considerations:

  • Please do not use the same password in the CS Department that you use anywhere else -- in the rest of the University, at other jobs, at other research institutions, etc.
  • Never tell *anyone* else your password.
  • Don't write your password down, and especially don't post it in your work area or store it online in a file.
  • Passwords must not be based on a dictionary word or have been previously cracked.
  • Passwords should not contain any personal information.

We encourage the use of a Password Manager, which makes it possible to use very complex passwords that are different for each site and are not reused. The University has partnered with LastPass to supply complimentary LastPass password management accounts to students, faculty, and staff.

Other techniques for selecting strong and memorable passwords are available from the OIT Information Security Office. (Note, however, that our password rules differ from OIT's password rules.)