
Create a Strong Password



The key to producing a good password:

  • Easy to remember, hard to guess
  • Complex and sufficiently long (suggested minimum of 8 characters where possible)
  • A passphrase rather than a password

Characteristics of a bad password:

  • A single dictionary word
  • Contains personal information
  • Shared with others
  • Reused a number of times

Password top tips

Reuse

Avoid using the same password multiple times, for example, the same password for your email, social media and banking.

If a password used for a social media account is leaked into the public domain along with a name or email address, attackers will attempt to reuse those credentials across multiple platforms to gain unlawful access.

 

Length

Longer passwords are significantly more difficult to crack or guess than shorter ones.

A basic example: the password 'aaaaaaaaa' could be cracked by an average home PC in just 2 minutes, whereas the password 'aaaaaaaaaaaaaa' would take a thousand years.

Both passwords above have no complexity and use a repeated pattern; however, the time required to crack them is significantly different.

 

Creation Methodology 

The method used to create a password can be an important factor in how secure it is.

Passphrase:

Creating a passphrase can be the solution to creating a strong password:

'thetreehasgreenleaves'

This password has 21 characters, is not one single dictionary word and is easy to remember. There are many reminders you could give yourself that will not give the password away, and the password could take up to 410 billion years to crack.

Complex Passphrase

Many systems require complexity as part of their password requirements. Taking the already easy-to-remember passphrase, complexity can be added for conformance and additional security:

'Th3 Tr33 Ha$ Gr33n L3ave$'

Across the passphrase we have introduced a standard rule set:

  • 'e' is replaced with '3'
  • 's' is replaced with '$'
  • all words start with a capital
  • all words have spaces between them

The passphrase is still recognisable from our original meaning and is still a memorable phrase, and it would now take up to 29 nonillion years (that's 29 followed by 30 zeros) to crack.

Word Equation

Passphrases may not work for everyone; another method could be to create a word equation:

'coffee=beans+water'

This simple equation already has length and special characters, giving a cracking time of approximately 85 billion years.

'Coff33=B3an$+Wat3r'

Once again, we add some rules for complexity:

  • 'e' is replaced with '3'
  • 's' is replaced with '$'
  • all words start with a capital

The time to crack has increased to 7 quadrillion years.
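
The effect of length and complexity described above can be worked through for the example passwords on this page. The following is an added example, not part of the original guidance: it counts the candidates a blind brute-force search would have to cover. The guess rate and the character pool sizes are assumptions, so the absolute times will not match the figures quoted above; what carries over is how quickly the search space grows with each extra character.

```python
import math
import string

# Assumption for illustration only; not a figure from this guidance page.
ASSUMED_GUESSES_PER_SECOND = 1e10
SECONDS_PER_YEAR = 365.25 * 24 * 3600

# Assumed character pools: lower, upper, digits, ASCII punctuation plus space.
POOLS = (string.ascii_lowercase, string.ascii_uppercase,
         string.digits, string.punctuation + " ")

# The example passwords used in the sections above.
PAGE_EXAMPLES = ("aaaaaaaaa", "aaaaaaaaaaaaaa", "thetreehasgreenleaves",
                 "Th3 Tr33 Ha$ Gr33n L3ave$", "coffee=beans+water",
                 "Coff33=B3an$+Wat3r")


def pool_size(password: str) -> int:
    """Combined size of every pool the password draws at least one character from."""
    return sum(len(pool) for pool in POOLS if any(c in pool for c in password))


def search_space(password: str) -> int:
    """Exact number of candidates of the same length over the same pools."""
    return pool_size(password) ** len(password)


def years_to_exhaust(password: str, rate: float = ASSUMED_GUESSES_PER_SECOND) -> float:
    """Upper bound for blind brute force at the assumed rate. Dictionary and
    pattern-based guessing would reach predictable passwords much sooner."""
    return search_space(password) / rate / SECONDS_PER_YEAR


def report(passwords=PAGE_EXAMPLES):
    """Return (password, length, pool size, bits, years) for each password."""
    return [(p, len(p), pool_size(p), math.log2(search_space(p)), years_to_exhaust(p))
            for p in passwords]


if __name__ == "__main__":
    for pw, length, pool, bits, years in report():
        print(f"{pw!r:30} len={length:2} pool={pool:2} bits={bits:6.1f} years={years:.3g}")
    # Five extra lowercase characters multiply the search space by 26**5.
    print(search_space("aaaaaaaaaaaaaa") // search_space("aaaaaaaaa"))
```

The five extra characters in 'aaaaaaaaaaaaaa' multiply the search space by 26 to the power 5 (about 11.9 million), which is why the two repeated-letter passwords in the Length section differ so much.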