Creating Strong Passwords
A secure password should be virtually impossible for others to guess. It should not contain or be based on personal information, and it should not be written down or given out to anybody.
Password Creation
- Use a minimum of 12-15 characters. (The longer the better).
- Use a combination of upper/lowercase letters, numbers, and symbols.
- Do not use any personal information such as pet names, middle names, birthdays, or anniversaries.
- Use a different password for every account.
Additional information for password requirements can be found in Password Standards.
Memorable Passwords
Password safes will generate a random password for you, but if you want one that you can remember, here are three simple ways to make a secure, easy to remember password:
- Create a passphrase by choosing a short phrase. For example, "iced tea is great for summer" becomes ic3dT!sgr84$umm3R.
- Changing the capitalization of some of the letters
- Replacing some of the letters with numerical and symbolic substitutions (such as $ for s, or 3 for e)
- Purposefully misspelling or abbreviating some words
- Choose several shorter words and add some numbers in the center. Change capitalization and substitute symbols for letters like: bo()K451BR^Dbury
- Choose a quote or phrase that has special meaning for you and use only the first letter from each word. Vary the capitalization. Make sure to also include numbers and symbols, either as substitutions for letters or as a replacement for a full word. "You will always miss 100 percent of the shots that you never take" could become ywAM100%ot$tyN+. Avoid using well known quotations.
What should I avoid?
There are many ways people try to make their passwords easier to remember. Cracking programs look for the most common passwords first.
- Contain your RIT username.
- Be the same as your passwords for other accounts (RIT and non-RIT services).
- Be a single word, forward or backward, from an English or foreign dictionary.
- Contain more than three sequential characters on a keyboard (such as qwerty or 1234).
- Contain more than two consecutive repeating characters (bbbb2bbbb).
- Be all numbers, like a birthday or anniversary dates (042516).
- Use common number substitutions (Passw0rd).
- Be shared with anyone for any reason.
Password Safes
Password safes save your passwords securely. They can also generate random passwords for each of your accounts.
These password safes store all your passwords in a single account, which has a master password you need to remember. This allows you to use truly random combinations in all your other passwords, making them more secure. Here are some good password safes:
- LastPass
- Bitwarden
- 1Password
- Dashlane
- RoboForm
- Sticky Password
- iCloud Keychain
Change your passwords when required
The RIT Password Standard requires passwords to be changed whenever they are suspected to have been compromised. In addition, passwords should be changed:
- Whenever a malicious program such as a virus is detected or a machine is compromised in some way.
- If there is a job change (job is completed, job is terminated, or a job transfer changes the need for access).
- From any default passwords.
- If they are shared with anyone other than the authorized user(s).