Password Strength

Your best defense against hackers is a strong password. A strong password is as long as possible. Always use at least 8 characters in your password. The longer the password, the more difficult it is to attack with a "brute-force" search (a computer testing hundreds of password combinations against yours every second).

Characteristics of a Strong Password

  • Cannot contain three consecutive letters of your name
  • Contains both upper- and lower-case letters
  • Includes numbers and punctuation (?!#), as well as letters
  • Is memorable (does not have to be written down)
  • Is a minimum of 8 characters long
  • Can be typed quickly (deters others from learning your password as you type it)


DO Use Phrases or Sentences

A particular effective technique is to think of a sentence and turn it into a password, such as:

  • wru2rxy? - Who are you to ask why?
  • bWiIso3! - Beware the ides of March!
  • J&Jwuth2fapow - Jack and Jill went up the hill to fetch a pail of water
  • GwIwg4argp - Gee, what I would give for a really good password


DON'T Use Personal Information

A weak password is one that:

  • Uses personal information, such as your name, a friend's name, a pet's name, your phone number, social security number, birth date, or address
  • Uses any single word in the dictionary, whether spelled frontwards or backwards
  • Uses any single word with letters simply replaced by numbers, e.g., bl0wf1sh
  • Is easy to spot while you're typing it, e.g., 12345, qwerty (top line of keyboard), or nnnnnn


Keep Passwords Secret

A new way for hackers to trick people into giving away their passwords and other personal information is through a scam called "phishing." Phishing is the practice of sending millions of bogus e-mails that appear to come from popular Web sites like eBay or Amazon. The emails look so official that many people will respond to requests for their login name and password.

The University, Microsoft, eBay, Amazon, PayPal, or any other reputable company never ask for your password through email. If you receive a request for your password, social security number, or other sensitive information via email, notify the company immediately by phone or through their Web site.

The 6-month Rule: Change Passwords Frequently

Although the University only requires you to change your password once a year, you should change them approximately every 6 months - even if you believe your password is strong.

It is important to use different passwords for all of your University and non-University accounts. That way, if one account gets compromised, your other accounts will be less likely to be at risk.

It is very simple to change your NetID password.


Need additional assistance?

Get Help

Print Article


Article ID: 116779
Wed 9/23/20 11:28 AM
Thu 5/26/22 3:42 PM