Skip to Main Content

UW home

Use Strong Passwords

Passwords Are Like Underwear posterUse strong passwords for all of your computer accounts. One of the easiest ways for someone to gain access to your account is to determine your password. Here are some suggestions for creating passwords:

Do:

  • Do make your password easy to remember. You should be able to type it quickly without having to look at the keyboard.
  • Do use at least 8 characters (and less than 20) when creating a password.
  • Do create a password with at least 1 letter, 1 number, and 1 special character (\-_+~!*[]%,?{}:/|^’), and have it be a good mix of the three.
  • Do include both uppercase and lowercase letters in your password, in addition to the numbers and special characters.
  • Do change your passwords routinely – at least every 60 days.
  • Do embed extra characters/misspell. For example, if you wanted to use a password like “Sunshineday”, try “SunSSh1neD+aya” or “Sun$$h1n3+Dayy”.
  • Do use unusual capitalization. For example, instead of “Sunsh1ne+Day”, use “sUnSh1NEd+Ay”.
  • Do concatenate two or more words or parts of words when creating your password.

Don't:

  • Don’t use the special characters $@&”(),<>’;=# in your password.
  • Don’t make a special character the first or last character in your password.
  • Don’t make a password that contains your username or parts of your full name longer than 2 consecutive characters.
  • Don’t set your password to anything you’ve used previously.
  • Don’t use simple keyboard patterns like A1B2C3D4, or p0o9i8u7. These are very easy to crack.
  • Don’t use your username, or simple permutations of your username. For example, if your username is Bigfoot, your password should not be Bigfoot+1, Big_F00t, foot_b1g, etc.
  • Don’t use any personal data (any data someone might associate with you). This includes names, nicknames, pets, social security numbers or phone numbers, birthdates, or license plate numbers.
  • Don’t use words that can be found in the English dictionary in your password. A modified phrase works the best. For example, instead of “Sunshine_1”, use “L3tTh3$_$hIne”. Instead of “Christmas+25”, use “Xms25thov?Dec”.
  • Don’t use words in a foreign language in your password, especially if the language used can be guessed (for example, it is your native tongue).
  • Don’t use university, college, or state team names in your password. These can be very easy to crack.
  • Don’t use names of famous people, places, things, TV shows, etc., that can be associated with you. For example, if you like the show Law and Order, you shouldn’t use Law_0rder as a password.
  • Don’t have your password contain the word “password”, “secret”, “god” or “root”.
  • Don’t give your password to anyone else. Ever. Not even to your co-workers or managers.
  • Don’t record your passwords anywhere they could be vulnerable. If you must write them down, keep them in a safe place that no one has access to. Never post them on your monitor or under your keyboard.
  • Don’t use the same password for all of your accounts. If your password is cracked, the hacker will have access to everything.
  • Don’t use the same password, or the same 2 or 3 passwords, over and over when you have to change them.
  • Don't use any of the examples above as your password!

How Fast Can Someone Guess Your Password?/b>

The table below is calculated by assuming 100,000 encryption operations per second. This is a plausible number for a desktop PC today. Password lengths from 5 to 12 are shown. The numbers at the top, 26, 36, 52, indicate the number of characters from which the passwords are formed. The times shown are the times to process the entire set of passwords, thus, the average time to crack passwords would be one half of the listed times.

Times Needed to Crack Passwords
Number of Characters in Password

Total Number of Characters from Which Password is Selected

26
(lower case letters only - abc)
36
(lower case letters plus numbers - abc123)
52
(upper and lower case letters - AaBbCc)
5 1.98 minutes 10.1 minutes 1.06 hours
6 51.5 minutes 3.74 hours 13.7 days
7 22.3 hours 9.07 days 3.91 months
8 24.2 days 10.7 months 17.0 years
9 1.72 years 32.2 years 8.82 centuries
10 44.8 years 1.16 millennia 45.8 millennia
11 11.6 centuries 41.7 millennia 2,384 millennia
12 30.3 millennia 1,503 millennia 123,946 millennia


Strong Passwords
courtesy of Virginia Commonwealth University

Strong passwords cannot be guessed easily. Hackers often use automated tools to help them guess or crack passwords, and the easier a password is to guess, the faster a hacker can break into a system. Here are some guidelines to assure your passwords are strong:

DO THIS: DON'T DO THIS:
Make your passwords at least eight characters long Use all or part of your login name
Include upper and lower case letters, numerals, and symbols Use a real word in any language
Use at least one symbol character in the second through sixth position Use numbers in place of similar letters to form a word
Use at least four different characters (don't repeat the same characters) Use consecutive letters or numbers (e.g., "abcdefg" or "234567")
Use random numbers and letters Use adjacent keys on your keyboard (e.g., "qwerty")


Many people write down their secret password, and tape it to the monitor or tuck it into a desk drawer next to their computer. The following are a few recommendations for handling your passwords more safely:

DO THIS: DON'T DO THIS:
Keep your password secret Write down your password
Use different passwords for different web sites Use the "remember my password" features on the web
Change your passwords at least every 60 days  Keep the same password for a long time or keep reusing old passwords

 

top of page

Share This Page:

Footer Navigation

University of Wyoming
 

 

 

1000 E. University Ave. Laramie, WY 82071 // UW Operators (307) 766-1121 // Contact Us