Remember: Don't reveal your passwords to anyone else, not even IT Services staff. Guard your passwords and always change them if you suspect that they have become known to others.
Eight rules for creating safer passwords
- Rule 1 - Don't tell your passwords to anyone, not even IT Services staff.
- Rule 2 - Don't use simple words, pets' or people's names, phone numbers, or key dates like a birthday for your password.
- Rule 3 - Use long and complex passwords with a mix of upper and lowercase characters, numbers, and special characters.
- Rule 4 - Use a passphrase like "IHat3OvercookedBr0cc0li!" that's easy for you to remember but hard for others to guess.
- Rule 5 - Use a different password for each online account and don't use simple patterns like 'password1' or 'password2'.
- Rule 6 - Change your password regularly, but immediately if you think it has been compromised. Never reuse passwords.
- Rule 7 - Use two-step sign-in everywhere you can.
- Rule 8 - Consider using a password manager at home. These products make it much easier to have strong, unique passwords on all of your personal accounts.
How quickly can your password be hacked?
Here is a chart illustrating how quickly passwords can be hacked and why creating strong passwords is important for keeping your online accounts safe.
Password length | All characters | Only lowercase |
---|---|---|
3 characters | 0.86 seconds | 0.02 seconds |
4 characters | 1.36 minutes | 0.046 seconds |
5 characters | 2.15 hours | 11.9 seconds |
6 characters | 8.51 days | 5.15 minutes |
7 characters | 2.21 years | 2.23 hours |
8 characters | 2.10 centuries | 2.42 days |
9 characters | 20 millennia | 2.07 months |
Passphrases
A passphrase is like a password but longer. It's a string of words and can contain symbols. It does not have to be a proper sentence or grammatically correct, but simply be something that will stick in your memory only!
- Five tips for creating and using a passphrase:
Use five or more words you can easily remember and separate them with a special symbol, like "I!Hat3!Overcooked!Br0cc0li!" - Your passphrase should be at least 25 characters long.
- Change your passphrase regularly (unless you believe it was compromised, in which case you should change it immediately!)
- Don't use the same passphrase on more than one account.
- Make sure the phrase you choose is easy to remember but is not a common quote, lyrics to a popular song, or any group of words that could be easily guessed by someone who knows you!