Passwords
Passwords
Why Passwords Matter
Passwords are your first line of defense in protecting your data. By creating strong passwords for each of your accounts, you make it harder for someone who isn't you to access your information online.
How to Create Strong Passwords
Make Your Password Complex & Memorable
Passwords should be at least eight characters in length and contain upper and lower case letters, numbers and symbols (such as ! or &). You can create complex — and memorable — passwords by following this method:
- Make up a sentence you can easily remember. Some examples:
- I have two kids: Jack and Jill.
- I like to eat Ben & Jerry's ice cream.
- Now take the first letter of every word in the sentence and include the punctuation. You can throw in extra punctuation or use numerals for variety. The above sentences would become:
- Ih2k:JaJ.
- IlteB&J'ic.
As you can see, the passwords generated by this method can be fairly complex and easy to remember. Just please don't use one of these sentences to create a password for yourself.
Make Your Password Unique
You should create a different password for each of your online accounts to help protect your data.
You put yourself at risk if you reuse the same password for all of your accounts. If someone gets your password for one account through a data breach or other means, they could access all of your accounts with that one password.
If you need help remembering all of your passwords, use a password manager.
Complex
Create complex passwords. Passwords should be at least eight characters in length and contain upper and lower case letters, numbers and symbols.
Memorable
Create memorable passwords. One way to do this is by turning a sentence into a password. For example, "I have two kids: Jack and Jill." becomes "Ih2k:JaJ."
Unique
Create unique passwords. Use a different complex and memorable password for each of your online accounts to prevent widespread exposure from data breaches.
Bad Password Habits to Avoid
Using Common Words
Do not choose a password that is a word (English or otherwise), proper name, name of a TV show or anything else that would be contained in a dictionary, and do not choose a password that is a simple transformation of a word.
Hackers use a method called dictionary attacks that passes every word in a dictionary to a login program in the hope that it will eventually match the correct password. This method may also try simple transformations of dictionary words, such as putting a punctuation mark at the beginning or end of a word, converting the letter "l" to the number "1" or writing a word backwards.
For example, "password,123" is not a good password, since adding ",123" is a common, simple transformation of a word.
Including Personal Information
Reusing Passwords
Do not choose a password that you have used with other sites. Criminals will try to use passwords that were leaked in data breaches to break into other accounts where you may have used the same password.
If you reuse passwords, there's a good chance your password may already be out there for criminals to find. You can look up whether your personal information, including your passwords, may have been exposed in a data breach using the service HaveIBeenPwned.com.
No Common Words
Avoid using words that you can find in the dictionary, and avoid simple transformations of words, such as adding an exclamation point.
No Personal Information
Avoid using any personal information, such as your name or your birthday, as part of your password since this information can be easily discovered.
No Password Reuse
Avoid using the same password for multiple accounts. If your password to one account gets exposed, reusing passwords puts all of your accounts at risk.
Secure Your Passwords
Use a Password Manager
If you have trouble remembering all your passwords, consider using a password manager, such as LastPass, 1Password or Dashlane. Password managers help you create and store complex and unique passwords.
Don't Write It Down — But If You Must ...
You should avoid writing down your passwords. If you absolutely must write something down, we suggest doing the following:
- Don't write down the entire password, but rather a hint that would allow you (but nobody else) to reconstruct it.
- Keep whatever is written down in your wallet or another place that only you have access to. Do not store written passwords on a post-it note on your monitor or on a piece of paper on your desk.
Don't Share Your Passwords
Never tell anyone your password or send it in an email.
Many scams use fake warnings to trick people into sending or submitting their passwords to them. No legitimate company or financial institution will ever ask you to submit sensitive personal information through an email or a link in an email. No one from Information Resources & Technology at Rowan will ever ask you to send them your password.
Please protect your personal information, including your passwords, as much as you would protect your bank account.
Add an Extra Layer of Security
Passwords are important, but even the most complex password can be exposed in a data breach. That's why you should add an extra layer of protection to your online accounts by enabling two-factor authentication whenever it's available.
Two-factor authentication helps prevent unauthorized users from accessing your accounts — even if they know your username and password. At Rowan University, we offer Duo two-factor authentication to protect your account.